Skip to main content
CVE-2014-8687 CRITICAL POC THREAT Emergency

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

RCE Business Nas Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
49.9%
Threat
5.0
CVE-2017-6640 CRITICAL Emergency

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.1% and no vendor patch available.

Microsoft Cisco Privilege Escalation Prime Data Center Network Manager
NVD
CVSS 3.0
9.8
EPSS
46.1%
CVE-2016-4473 CRITICAL POC THREAT Emergency

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.8%.

Memory Corruption PHP Use After Free RCE Linux Enterprise Module For Web Scripting +1
NVD
CVSS 3.0
9.8
EPSS
16.8%
Threat
4.0
CVE-2017-4901 CRITICAL POC THREAT Emergency

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Buffer Overflow VMware Fusion Workstation
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
14.1%
CVE-2017-6639 CRITICAL Emergency

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

RCE Microsoft Cisco Prime Data Center Network Manager
NVD
CVSS 3.0
9.8
EPSS
33.8%
CVE-2015-2692 CRITICAL POC PATCH Act Now

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Adblock
NVD GitHub
CVSS 3.0
10.0
EPSS
0.8%
CVE-2017-7180 HIGH POC This Week

Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Net Monitor For Employees
NVD Exploit-DB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2017-4918 CRITICAL Act Now

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Command Injection Horizon View
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-5878 CRITICAL Act Now

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java RCE Media Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2017-4907 CRITICAL Act Now

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Horizon View Unified Access Gateway
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2016-3690 CRITICAL Act Now

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Jboss Enterprise Application Platform
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-5405 CRITICAL Act Now

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-7050 CRITICAL Act Now

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Red Hat RCE Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6093 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-2034 CRITICAL Act Now

SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Clearpass
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-5648 MEDIUM POC This Month

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Acer Portal
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2017-9516 MEDIUM POC PATCH This Month

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.8%
CVE-2016-3095 MEDIUM POC PATCH This Month

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Fedora Pulp
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-4471 HIGH This Week

ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Cloudforms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2015-2252 HIGH This Week

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Huawei Oceanstor Uds Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2014-3498 HIGH PATCH This Week

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ansible
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-9519 HIGH This Week

atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atmail
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9518 HIGH This Week

atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atmail
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9517 HIGH This Week

atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atmail
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-1786 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Zend Framework
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9698 HIGH PATCH This Week

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Rhapsody Design Manager
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2016-6098 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2015-2800 HIGH This Week

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass S5700 Firmware S5300 Firmware +5
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2016-9991 HIGH PATCH This Week

IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2015-1379 HIGH PATCH This Week

The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Socat
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2015-3634 HIGH PATCH This Week

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Slideshow
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-4912 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4911 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Memory Corruption VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4910 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4909 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Denial Of Service Microsoft VMware Horizon View +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4908 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow Denial Of Service Microsoft VMware Horizon View +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8108 HIGH This Week

Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lynis
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6638 HIGH This Week

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4913 HIGH This Week

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. Rated high severity (CVSS 7.8). No vendor patch available.

Integer Overflow Denial Of Service Microsoft VMware Horizon View +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9022 HIGH This Week

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-9023 HIGH This Week

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2016-6594 HIGH This Week

Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Secure Gateway Cacheflow Proxysg
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6648 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Ce Software Telepresence Tc Software
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-3091 HIGH This Week

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Diego
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4992 HIGH This Week

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3112 HIGH PATCH This Week

client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Pulp
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-5416 HIGH This Week

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3099 HIGH This Week

mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-7919 HIGH This Week

b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Android
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-3913 HIGH This Week

The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S2300 Firmware S2700 Firmware S3300 Firmware +19
NVD
CVSS 3.0
7.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy