Skip to main content
CVE-2017-7991 CRITICAL POC Act Now

Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-8056 MEDIUM POC THREAT This Month

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Watchguard Denial Of Service XXE Fireware
NVD
CVSS 3.0
5.3
EPSS
11.4%
CVE-2017-8054 MEDIUM POC This Month

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-8053 MEDIUM POC This Month

PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-8055 MEDIUM POC This Month

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-8052 MEDIUM PATCH This Month

Craft CMS before 2.6.2974 allows XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD
CVSS 3.0
6.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy