Skip to main content
CVE-2017-5983 CRITICAL POC Act Now

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization RCE Java Atlassian +1
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2016-5053 CRITICAL POC Act Now

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lightify Home
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-7625 CRITICAL POC Act Now

In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2015-2882 CRITICAL POC Act Now

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass In Sight B120 37
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2015-2881 CRITICAL POC Act Now

Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gcw 1010 Gcw 1020 Gpw 1025
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-5065 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-5074 CRITICAL POC Act Now

CloudView NMS before 2.10a has a format string issue exploitable over SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudview Nms
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-5068 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5069 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5066 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-5070 CRITICAL POC Act Now

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aleos Firmware
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2016-10311 CRITICAL Act Now

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service SAP Netweaver
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-7239 CRITICAL PATCH Act Now

Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ninka
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2015-7272 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-7271 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2015-7273 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XXE Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2015-2888 CRITICAL Act Now

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Baby Zoom Wifi Monitor Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2015-7264 CRITICAL Act Now

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Proxygen
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-10321 CRITICAL PATCH Act Now

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Web2Py
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2015-7826 CRITICAL Act Now

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-7292 CRITICAL Act Now

Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Fire Os
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-6878 CRITICAL Act Now

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-2887 CRITICAL Act Now

iBaby M3S has a password of admin for the backdoor admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M3S Baby Monitor Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-2885 CRITICAL Act Now

Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Peek A View Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy