ACT NOW
CVE-2017-7269
9.8
Remote code execution in Microsoft IIS 6.0 WebDAV service allows unauthenticated attackers to execute arbitrary code by sending a specially crafted PROPFIND request with a malicious 'If' header. Confirmed actively exploited (CISA KEV) since July-August 2016, predating public disclosure by 7+ months. EPSS score of 94.43% (100th percentile) reflects widespread exploitation against legacy Windows Server 2003 R2 systems still exposed to the internet. Multiple public exploits exist including Metasploit modules, and vendor patch has been available since March 2017.
|
ACT NOW
CVE-2017-0144
8.8
Remote code execution in Microsoft SMBv1 allows authenticated network attackers to execute arbitrary code on Windows systems via crafted packets. This vulnerability (part of the MS17-010 bulletin and known as 'EternalBlue') is confirmed actively exploited (CISA KEV) with EPSS score of 94.32%, indicating near-certain exploitation probability. Widely weaponized in 2017 WannaCry and NotPetya ransomware campaigns. Affects Windows Vista through Windows 10 1607 and Windows Server 2008-2016, plus Siemens medical imaging systems running vulnerable Windows embedded OS. Multiple public exploits available including DOUBLEPULSAR payload delivery framework.
|
ACT NOW
CVE-2017-0005
7.8
Windows GDI (Graphics Device Interface) allows local privilege escalation through improper memory handling, attributed to the Zirconium APT group and exploited alongside browser zero-days in targeted campaigns.
|
Today's Vulnerabilities Vulnerabilities
Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
CVEs published in review
Get CVEs that hit your stack — not 200/day
Pick your technologies, get a weekly digest by email. Free, no spam.
React
Python
Postgres
+200 more
React
Next.js
Python
Postgres
AWS
+200 more
Trending Now
See all
Critical Watch
See all
KEV
POC
CVSS
No critical watch entries today
Attack Technique Trend
Prediction based on ZDI Disclosures & CVE data
· 30 days
Vendor Today – Quick Filter
Techniques
POC
CISA KEV
PATCH
UNPATCHED
results
Sort:
Base Score
Vector String
Attack Vector (AV)
Attack Complexity (AC)
Privileges Required (PR)
User Interaction (UI)
Scope (S)
Confidentiality (C)
Integrity (I)
Availability (A)
0
|
3.9|
6.9|
8.9|
10
NONE
LOW
MEDIUM
HIGH
CRITICAL
CVSS Filter
– CVEs match
No CVEs match the selected criteria
Loading...
Incoming
20
Pre-NVD – not yet scored
No vulnerabilities found for this date.
Data may not have been fetched yet.
Live Feed
auto-refresh 60s
Track CVEs for your stack
Sign up free →