Skip to main content
CVE-2017-7462 CRITICAL POC THREAT Emergency

Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Path Traversal Nfc 30Ir Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.3%
CVE-2017-7695 CRITICAL POC PATCH Act Now

Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Bigtree Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-0779 CRITICAL PATCH Act Now

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache RCE Tomee
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2017-7689 CRITICAL Act Now

A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Command Injection Homelynk Controller Lss100100 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2016-1908 CRITICAL PATCH Act Now

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

SSH Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-7691 CRITICAL Act Now

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection SAP Trex
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2013-6647 CRITICAL Act Now

A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Use After Free Information Disclosure Chrome
NVD
CVSS 3.0
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy