Skip to main content
CVE-2017-3066 CRITICAL POC KEV PATCH THREAT Act Now

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization flaws in the bundled Apache BlazeDS library. This critical vulnerability affects ColdFusion 10 (all updates through 22), ColdFusion 11 (through Update 11), and ColdFusion 2016 (through Update 3). CISA confirms active exploitation in the wild with publicly available exploit code (Exploit-DB 43993), and EPSS scoring at 93.36% (100th percentile) indicates extremely high real-world exploitation likelihood. The network-accessible attack vector requiring no authentication or user interaction makes this a top-priority remediation target for any organization running affected ColdFusion versions.

Java Deserialization Apache RCE Adobe
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.4%
Threat
9.8
CVE-2017-5135 CRITICAL POC THREAT Emergency

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.4%.

Cisco Authentication Bypass Dpc3928Sl Firmware
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
22.4%
Threat
4.0
CVE-2017-8307 CRITICAL POC Act Now

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Antivirus
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-8297 CRITICAL Act Now

A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Simple File Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-8287 CRITICAL PATCH Act Now

FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Freetype
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-8305 CRITICAL Act Now

The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Udfclient
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-8289 CRITICAL PATCH Act Now

Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy