Skip to main content
CVE-2015-0936 CRITICAL POC THREAT Emergency

Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.3%.

Information Disclosure Fibeair Ip 10 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
86.3%
Threat
6.0
CVE-2017-8386 HIGH POC THREAT Act Now

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

Information Disclosure Git Shell Leap Debian Linux Ubuntu Linux +1
NVD
CVSS 3.0
8.8
EPSS
73.3%
Threat
5.5
CVE-2015-5473 CRITICAL Emergency

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.9% and no vendor patch available.

Path Traversal Samsung RCE Syncthru 6
NVD
CVSS 3.0
9.8
EPSS
46.9%
CVE-2015-6531 HIGH POC This Week

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Paloalto Code Injection Python Pan Os
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-7384 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flip Pdf
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9331 MEDIUM POC PATCH This Month

The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Epesi
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9334 HIGH PATCH This Week

An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Chicken
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-7999 MEDIUM This Month

Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Atlassian Eucalyptus
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-3127 MEDIUM This Month

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-9336 MEDIUM This Month

The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Editor Md
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9337 MEDIUM This Month

The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Markdown On Save Improved
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6512 MEDIUM This Month

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2017-9060 MEDIUM PATCH This Month

Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy