Skip to main content
CVE-2017-3506 HIGH POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Oracle Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
94.4%
Threat
7.3
CVE-2017-5030 HIGH POC KEV THREAT Act Now

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Google Information Disclosure RCE Microsoft +1
NVD
CVSS 3.1
8.8
EPSS
50.7%
Threat
6.3
CVE-2017-3623 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.9%.

Information Disclosure Oracle Solaris
NVD Exploit-DB
CVSS 3.0
10.0
EPSS
76.9%
Threat
5.8
CVE-2015-7245 HIGH POC THREAT Act Now

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Path Traversal D-Link Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
89.4%
Threat
5.7
CVE-2017-3599 HIGH POC PATCH THREAT Act Now

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.3%.

Integer Overflow Denial Of Service Oracle MySQL
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
87.3%
Threat
5.6
CVE-2015-7246 CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 33.1%.

D-Link Authentication Bypass Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
33.1%
Threat
4.5
CVE-2017-3548 MEDIUM POC PATCH THREAT This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.2%.

Denial Of Service XXE Oracle Peoplesoft Enterprise Peopletools
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
49.2%
Threat
4.3
CVE-2015-7247 CRITICAL POC THREAT Emergency

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

D-Link Information Disclosure Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
30.9%
Threat
4.4
CVE-2017-3549 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

SQLi Authentication Bypass Oracle Scripting
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
31.0%
Threat
4.3
CVE-2017-3622 HIGH POC PATCH THREAT Act Now

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 19.6%.

Information Disclosure Oracle Solaris
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
19.6%
CVE-2017-3528 MEDIUM POC PATCH THREAT This Month

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.2%.

Open Redirect Microsoft Oracle Applications Framework
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
43.2%
CVE-2015-7568 CRITICAL POC PATCH Act Now

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Yeager Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.9%
CVE-2015-0104 HIGH POC PATCH This Week

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE IBM Authentication Bypass Change And Configuration Management Database Maximo Asset Management +9
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.0%
CVE-2015-7569 HIGH POC PATCH This Week

SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Yeager Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7852 HIGH POC This Week

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 2230L Firmware Dcs 2310L Firmware Dcs 2332L Firmware +23
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-3576 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3561 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3563 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3558 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.5
EPSS
0.2%
CVE-2017-3587 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
0.3%
CVE-2016-4313 HIGH POC This Week

Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Extplorer
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.2%
CVE-2015-7570 HIGH POC PATCH This Week

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF PHP Yeager Cms
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.2%
CVE-2017-8099 HIGH POC This Week

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Whizz
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-3575 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
7.9
EPSS
0.5%
CVE-2015-0107 MEDIUM POC This Month

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal IBM Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +8
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.2%
CVE-2015-8110 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Lenovo System Update
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1000361 HIGH POC This Week

DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opendaylight
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1000357 HIGH POC This Week

Denial of Service attack when the switch rejects to receive packets from the controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Opendaylight
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-8109 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Lenovo Lenovo System Update
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-3546 MEDIUM POC PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Oracle Peoplesoft Enterprise Peopletools
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.3%
CVE-2017-8082 MEDIUM POC This Month

concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Concrete Cms
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-1000358 MEDIUM POC This Month

Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Opendaylight
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-8100 MEDIUM POC This Month

There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Copysafe Web Protection
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-6903 CRITICAL PATCH Act Now

lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Lshell
NVD GitHub
CVSS 3.0
9.9
EPSS
2.1%
CVE-2016-6902 CRITICAL PATCH Act Now

lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Lshell
NVD GitHub
CVSS 3.0
9.9
EPSS
2.1%
CVE-2017-3234 CRITICAL PATCH Act Now

Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Automatic Service Request
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2014-9654 CRITICAL Act Now

The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome International Components For Unicode
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-8105 CRITICAL PATCH Act Now

FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Freetype Debian Linux
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-3503 CRITICAL PATCH Act Now

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Apache Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
9.9
EPSS
1.1%
CVE-2017-2320 CRITICAL Act Now

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
10.0
EPSS
0.5%
CVE-2017-3553 CRITICAL Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Identity Manager
NVD
CVSS 3.0
9.9
EPSS
0.9%
CVE-2017-3230 HIGH PATCH This Week

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Fusion Middleware Mapviewer
NVD
CVSS 3.0
8.6
EPSS
5.9%
CVE-2017-3510 CRITICAL PATCH Act Now

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.0
9.6
EPSS
0.5%
CVE-2017-3508 CRITICAL PATCH Act Now

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Primavera Gateway
NVD
CVSS 3.0
9.1
EPSS
2.8%
CVE-2017-8104 MEDIUM POC PATCH This Month

In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mybb
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2017-8102 MEDIUM POC This Month

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Serendipity
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1000359 MEDIUM POC This Month

Java out of memory error and significant increase in resource consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Opendaylight
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-1000360 MEDIUM POC This Month

StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Opendaylight
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-3512 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 3.0
8.3
EPSS
5.1%
CVE-2017-5029 HIGH PATCH This Week

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Microsoft Google Chrome +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy