Skip to main content
CVE-2017-6190 HIGH POC THREAT Act Now

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.4%.

Path Traversal D-Link Dwr 116 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
62.4%
Threat
4.9
CVE-2017-7185 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.2%.

Denial Of Service Memory Corruption Use After Free Mongoose Embedded Web Server Library Mongoose Os
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
33.2%
Threat
4.0
CVE-2015-8258 HIGH POC THREAT Act Now

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.4%.

Code Injection Axis Communications Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.4%
CVE-2016-10322 HIGH POC This Week

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology PHP Command Injection Photo Station
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2017-7617 HIGH PATCH Act Now

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.0%.

Buffer Overflow RCE Asterisk Certified Asterisk
NVD
CVSS 3.0
8.8
EPSS
22.0%
CVE-2015-2880 HIGH POC This Week

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tv Ip743Sic
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-1516 HIGH POC PATCH This Week

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Opencv Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-7622 HIGH POC This Week

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Deepin Desktop Environment
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-5067 HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aleos Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-8255 HIGH POC This Week

AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Axis Communications Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-5071 HIGH POC This Week

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Aleos Firmware
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2016-10323 HIGH POC This Week

Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Photo Station
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5041 HIGH POC This Week

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libdwarf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2016-5051 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Home
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5052 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Home
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5076 HIGH POC This Week

CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudview Nms
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-2884 HIGH POC This Week

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure In Sight B120 37
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5057 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Pro
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5058 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lightify Pro
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5054 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lightify Home
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5056 HIGH POC This Week

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lightify Pro
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-7647 HIGH PATCH This Week

SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Log Event Manager
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2015-7274 HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2016-5072 HIGH PATCH This Week

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Oxid Eshop
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2015-2889 HIGH This Week

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Baby Zoom Wifi Monitor Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2015-6028 HIGH This Week

Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Snmpc
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2016-4319 HIGH This Week

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Jira
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-8237 HIGH This Week

Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Privilege Escalation Lenovo Updates
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2016-6534 HIGH This Week

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Network Management Information System
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2017-7648 HIGH This Week

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass C1 C1 Lite C2 Fi9800Xe +8
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2015-7270 HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-8235 HIGH This Week

Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Customer Care Software Development Kit
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7260 HIGH PATCH This Week

Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Liebert Multilink Automated Shutdown
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-7618 HIGH This Week

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2017-5988 HIGH This Week

NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-7619 HIGH PATCH This Week

In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-7265 HIGH This Week

Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Proxygen
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7263 HIGH This Week

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Proxygen
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-2886 HIGH This Week

iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M6 Baby Monitor Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7825 HIGH This Week

botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Botan
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8378 HIGH This Week

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepassx
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-2960 HIGH This Week

Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vision Critical
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7824 HIGH This Week

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Botan
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6605 HIGH This Week

Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cdh
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6879 HIGH This Week

The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy