Skip to main content
CVE-2017-6190 HIGH POC THREAT Act Now

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.4%.

Path Traversal D-Link Dwr 116 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
62.4%
Threat
4.9
CVE-2017-7185 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.2%.

Denial Of Service Memory Corruption Use After Free Mongoose Embedded Web Server Library Mongoose Os
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
33.2%
Threat
4.0
CVE-2017-5983 CRITICAL POC Act Now

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization RCE Java Atlassian +1
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2015-8258 HIGH POC THREAT Act Now

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.4%.

Code Injection Axis Communications Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.4%
CVE-2016-5053 CRITICAL POC Act Now

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lightify Home
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-7625 CRITICAL POC Act Now

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2015-2882 CRITICAL POC Act Now

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass In Sight B120 37
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2015-2881 CRITICAL POC Act Now

Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gcw 1010 Gcw 1020 Gpw 1025
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-5065 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-5074 CRITICAL POC Act Now

CloudView NMS before 2.10a has a format string issue exploitable over SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudview Nms
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-5068 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5069 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5066 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5070 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-10322 HIGH POC This Week

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology PHP Command Injection Photo Station
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2017-7617 HIGH PATCH Act Now

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.0%.

Buffer Overflow RCE Asterisk Certified Asterisk
NVD
CVSS 3.0
8.8
EPSS
22.0%
CVE-2015-2880 HIGH POC This Week

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tv Ip743Sic
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-1516 HIGH POC PATCH This Week

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-7622 HIGH POC This Week

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Deepin Desktop Environment
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-5067 HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-8255 HIGH POC This Week

AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Axis Communications Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-5071 HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Aleos Firmware
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2016-10323 HIGH POC This Week

Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Photo Station
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5041 HIGH POC This Week

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libdwarf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2016-5051 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Home
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5052 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Home
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5076 HIGH POC This Week

CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudview Nms
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-2884 HIGH POC This Week

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure In Sight B120 37
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5057 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Pro
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5058 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lightify Pro
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5054 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lightify Home
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5056 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Pro
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-10311 CRITICAL Act Now

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service SAP Netweaver
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2016-5059 MEDIUM POC This Month

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Pro
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-7239 CRITICAL PATCH Act Now

Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ninka
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-5075 MEDIUM POC This Month

CloudView NMS before 2.10a has XSS via a TELNET login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloudview Nms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5073 MEDIUM POC This Month

CloudView NMS before 2.10a has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloudview Nms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6035 MEDIUM POC This Month

Opsview before 2015-11-06 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5055 MEDIUM POC This Month

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightify Pro
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4334 MEDIUM POC This Month

Jive before 2016.3.1 has an open redirect from the external-link.jspa page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Jive
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2015-7272 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-7271 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2015-7273 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XXE Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2015-2888 CRITICAL Act Now

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Baby Zoom Wifi Monitor Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2015-7264 CRITICAL Act Now

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Proxygen
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-10321 CRITICAL PATCH Act Now

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Web2Py
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2015-7826 CRITICAL Act Now

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-7292 CRITICAL Act Now

Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Fire Os
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-6878 CRITICAL Act Now

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-2887 CRITICAL Act Now

iBaby M3S has a password of admin for the backdoor admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M3S Baby Monitor Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy