Skip to main content
CVE-2017-7581 CRITICAL POC THREAT Emergency

SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

SQLi PHP News System
NVD
CVSS 3.0
9.8
EPSS
64.5%
Threat
5.4
CVE-2017-0561 CRITICAL POC PATCH THREAT Act Now

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.9%.

Buffer Overflow Broadcom RCE Google Memory Corruption +1
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.9%
Threat
4.6
CVE-2017-7577 CRITICAL POC Act Now

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Uc Httpd
NVD
CVSS 3.0
9.8
EPSS
5.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy