Skip to main content
CVE-2016-2555 CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

SQLi PHP Atutor
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
CVE-2015-8282 CRITICAL POC THREAT Emergency

SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.6%.

Authentication Bypass Spectrum Sdc
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.6%
Threat
4.2
CVE-2015-8271 CRITICAL POC Act Now

The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rtmpdump
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2014-7920 CRITICAL Act Now

mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
9.6%
CVE-2016-6143 CRITICAL Act Now

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Authentication Bypass Hana
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2016-1155 CRITICAL Act Now

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Code Injection Android
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2016-4899 CRITICAL Act Now

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Novabackup Datacenter
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2016-4898 CRITICAL Act Now

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Novabackup Datacenter
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2012-1301 CRITICAL Act Now

The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Umbraco Cms
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2015-6674 CRITICAL PATCH Act Now

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Inspircd Debian Linux
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-6818 CRITICAL Act Now

SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SQLi SAP Business Intelligence Platform
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-4800 CRITICAL PATCH Act Now

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Jetty
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-2566 CRITICAL Act Now

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-10324 CRITICAL PATCH Act Now

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Osip
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7628 CRITICAL PATCH Act Now

The "Smart related articles" extension 1.1 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Smart Related Articles
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-7921 CRITICAL Act Now

mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2015-2947 CRITICAL Act Now

KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kancolleviewer
NVD
CVSS 3.0
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy