Skip to main content
CVE-2016-10329 CRITICAL POC THREAT Emergency

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

RCE Synology PHP Command Injection Photo Station
NVD
CVSS 3.0
9.8
EPSS
11.3%
CVE-2017-8923 CRITICAL POC Act Now

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service PHP
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2017-7474 CRITICAL PATCH Act Now

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Keycloak Nodejs Auth Utils
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-8911 CRITICAL PATCH Act Now

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Tnef
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy