Skip to main content
CVE-2017-3506 HIGH POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Oracle Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
94.4%
Threat
7.3
CVE-2017-5030 HIGH POC KEV THREAT Act Now

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Google Information Disclosure RCE Microsoft +1
NVD
CVSS 3.1
8.8
EPSS
50.7%
Threat
6.3
CVE-2015-7245 HIGH POC THREAT Act Now

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Path Traversal D-Link Dvg N5402Sp Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
89.4%
Threat
5.7
CVE-2017-3599 HIGH POC PATCH THREAT Act Now

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.3%.

Integer Overflow Denial Of Service Oracle MySQL
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
87.3%
Threat
5.6
CVE-2017-3622 HIGH POC PATCH THREAT Act Now

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 19.6%.

Information Disclosure Oracle Solaris
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
19.6%
CVE-2015-0104 HIGH POC PATCH This Week

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE IBM Authentication Bypass Change And Configuration Management Database Maximo Asset Management +9
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.0%
CVE-2015-7569 HIGH POC PATCH This Week

SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Yeager Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7852 HIGH POC This Week

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 2230L Firmware Dcs 2310L Firmware Dcs 2332L Firmware +23
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-3576 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3561 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3563 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3558 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.5
EPSS
0.2%
CVE-2017-3587 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
0.3%
CVE-2016-4313 HIGH POC This Week

Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Extplorer
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.2%
CVE-2015-7570 HIGH POC PATCH This Week

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF PHP Yeager Cms
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.2%
CVE-2017-8099 HIGH POC This Week

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Whizz
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-3575 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
7.9
EPSS
0.5%
CVE-2015-8110 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Lenovo System Update
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1000361 HIGH POC This Week

DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opendaylight
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-1000357 HIGH POC This Week

Denial of Service attack when the switch rejects to receive packets from the controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Opendaylight
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-8109 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Lenovo Lenovo System Update
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-3230 HIGH PATCH This Week

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Fusion Middleware Mapviewer
NVD
CVSS 3.0
8.6
EPSS
5.9%
CVE-2017-3512 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 3.0
8.3
EPSS
5.1%
CVE-2017-5029 HIGH PATCH This Week

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Microsoft Google Chrome +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2017-5043 HIGH This Week

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +5
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2017-2332 HIGH This Week

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Northstar Controller
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-5034 HIGH This Week

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-5032 HIGH This Week

PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Microsoft Google Chrome
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-5031 HIGH This Week

A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +1
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-3543 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.7%
CVE-2017-3542 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.7%
CVE-2017-3523 HIGH PATCH This Week

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Connector J
NVD
CVSS 3.0
8.5
EPSS
1.6%
CVE-2017-3540 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2017-8101 HIGH PATCH This Week

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Serendipity
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3691 HIGH PATCH This Week

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Kallithea
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3578 HIGH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Sun Zfs Storage Appliance Kit Software
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3500 HIGH PATCH This Week

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Primavera Gateway
NVD
CVSS 3.0
8.7
EPSS
0.5%
CVE-2017-3545 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.2
EPSS
3.0%
CVE-2017-2321 HIGH This Week

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-2317 HIGH This Week

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-3493 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle Flexcube Enterprise Limits And Collateral Management
NVD
CVSS 3.0
8.5
EPSS
0.7%
CVE-2017-3580 HIGH PATCH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
8.3
EPSS
1.6%
CVE-2017-3514 HIGH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 3.0
8.3
EPSS
1.2%
CVE-2017-3582 HIGH PATCH This Week

Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: Backup/Restore Utility). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Oracle Supercluster Specific Software
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2319 HIGH This Week

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Northstar Controller
NVD
CVSS 3.0
8.3
EPSS
0.6%
CVE-2017-3306 HIGH PATCH This Week

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle Mysql Enterprise Monitor
NVD
CVSS 3.0
8.3
EPSS
0.5%
CVE-2017-3601 HIGH PATCH This Week

Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Api Gateway
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-3541 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-3625 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Content
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-3583 HIGH PATCH This Week

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
8.1
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy