Skip to main content
CVE-2017-0199 HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Microsoft Office 2007-2016 and Windows Vista through 10 allows attackers to execute arbitrary code via malicious RTF or Office documents exploiting Windows API object linking. Confirmed actively exploited (CISA KEV) with EPSS score of 94.33% indicating near-certain real-world exploitation probability. Multiple public exploit codes available including weaponized RTF generators. Despite local attack vector classification (AV:L), exploitation occurs remotely through email/web delivery of crafted documents requiring only user interaction to open the file.

Microsoft RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
94.3%
Threat
9.4
CVE-2016-7552 CRITICAL POC THREAT Emergency

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Path Traversal Trend Micro Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
93.0%
Threat
6.2
CVE-2016-7547 CRITICAL POC THREAT Emergency

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Trend Micro Information Disclosure Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
89.4%
Threat
6.1
CVE-2017-0210 HIGH KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 42.1%.

Code Injection
NVD
CVSS 3.1
8.8
EPSS
42.1%
Threat
4.5
CVE-2017-7722 CRITICAL POC PATCH THREAT Act Now

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

Command Injection Log Event Manager
NVD
CVSS 3.0
10.0
EPSS
49.9%
Threat
5.0
CVE-2017-3061 CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
Threat
5.1
CVE-2017-0202 HIGH POC PATCH THREAT Act Now

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 61.9%.

Buffer Overflow RCE Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
61.9%
Threat
4.9
CVE-2016-6808 CRITICAL POC THREAT Emergency

Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.5%.

Buffer Overflow Tomcat Apache Tomcat Jk Connector
NVD
CVSS 3.0
9.8
EPSS
29.5%
Threat
4.3
CVE-2016-5313 HIGH POC THREAT Act Now

Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.8%.

Command Injection Web Gateway
NVD
CVSS 3.0
8.8
EPSS
25.8%
Threat
4.0
CVE-2017-3006 HIGH POC THREAT Act Now

Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.1%.

Adobe Information Disclosure Creative Cloud
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
24.1%
Threat
4.0
CVE-2017-7588 CRITICAL POC THREAT Emergency

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.6%.

Authentication Bypass Mfc Firmware Dcp Firmware Ads Firmware Hl Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
16.6%
Threat
4.0
CVE-2017-7280 CRITICAL POC THREAT Emergency

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE PHP Enterprise Backup
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2017-0160 HIGH POC PATCH THREAT Act Now

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

RCE Microsoft Net Framework
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
13.0%
CVE-2016-4337 CRITICAL POC Act Now

SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Photostore
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2017-0194 MEDIUM PATCH This Month

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 44.2%.

Microsoft Information Disclosure Excel Office Compatibility Pack
NVD
CVSS 3.0
5.5
EPSS
44.2%
CVE-2017-0165 HIGH POC PATCH THREAT Act Now

An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 12.7%.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
12.7%
CVE-2017-7281 HIGH POC This Week

An issue was discovered in Unitrends Enterprise Backup before 9.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Enterprise Backup
NVD
CVSS 3.0
8.8
EPSS
7.4%
CVE-2015-7564 CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Teampass
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-7719 CRITICAL POC Act Now

SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Spider Event Calendar
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-0211 MEDIUM POC PATCH THREAT This Month

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
22.3%
CVE-2017-7284 HIGH POC This Week

An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Enterprise Backup
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2017-0200 HIGH PATCH Act Now

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 29.4%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
29.4%
CVE-2017-0197 HIGH PATCH Act Now

Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.8%.

RCE Microsoft Onenote
NVD
CVSS 3.0
7.8
EPSS
27.8%
CVE-2016-8718 HIGH POC This Week

An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Awk 3131A Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2015-7563 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Teampass
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-3064 HIGH POC This Week

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.8%
CVE-2017-0201 HIGH PATCH Act Now

A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.9%.

Buffer Overflow RCE Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
23.9%
CVE-2017-0058 MEDIUM POC PATCH THREAT This Month

A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. Rated medium severity (CVSS 4.7). Public exploit code available and EPSS exploitation probability 16.5%.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
16.5%
CVE-2016-9959 HIGH POC PATCH This Week

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Leap Opensuse Linux Enterprise +5
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-9958 HIGH POC PATCH This Week

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Leap Opensuse Linux Enterprise Linux Enterprise Desktop +4
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-9957 HIGH POC PATCH This Week

Stack-based buffer overflow in game-music-emu before 0.6.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Leap Opensuse Linux Enterprise Linux Enterprise Desktop +4
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0093 HIGH PATCH Act Now

A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.4%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
21.4%
CVE-2017-3060 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Information Disclosure Flash Player
NVD
CVSS 3.0
9.8
EPSS
9.9%
CVE-2016-8716 HIGH POC This Week

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-0167 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
9.8%
CVE-2017-0158 HIGH PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.8%.

Buffer Overflow Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.5
EPSS
19.8%
CVE-2017-0205 HIGH PATCH Act Now

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 18.8%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
18.8%
CVE-2017-7279 CRITICAL Act Now

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Backup
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2017-3063 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3062 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3059 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2015-7562 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-3037 CRITICAL Act Now

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-8719 MEDIUM POC This Month

An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Awk 3131A Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-0106 HIGH PATCH Act Now

Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.8%.

Buffer Overflow RCE Microsoft Denial Of Service Outlook
NVD
CVSS 3.0
7.8
EPSS
10.8%
CVE-2017-2989 CRITICAL Act Now

Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Campaign
NVD
CVSS 3.0
9.1
EPSS
3.5%
CVE-2017-3004 HIGH This Week

Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop Cc
NVD
CVSS 3.0
7.8
EPSS
9.1%
CVE-2017-7742 MEDIUM POC PATCH This Month

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-7741 MEDIUM POC PATCH This Month

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4895 HIGH This Week

SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Setucocms
NVD
CVSS 3.0
8.8
EPSS
1.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy