Skip to main content
CVE-2014-8687 CRITICAL POC THREAT Emergency

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

RCE Business Nas Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
49.9%
Threat
5.0
CVE-2017-6640 CRITICAL Emergency

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.1% and no vendor patch available.

Microsoft Cisco Privilege Escalation Prime Data Center Network Manager
NVD
CVSS 3.0
9.8
EPSS
46.1%
CVE-2016-4473 CRITICAL POC THREAT Emergency

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.8%.

Memory Corruption PHP Use After Free RCE Linux Enterprise Module For Web Scripting +1
NVD
CVSS 3.0
9.8
EPSS
16.8%
Threat
4.0
CVE-2017-4901 CRITICAL POC THREAT Emergency

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Buffer Overflow VMware Fusion Workstation
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
14.1%
CVE-2017-6639 CRITICAL Emergency

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

RCE Microsoft Cisco Prime Data Center Network Manager
NVD
CVSS 3.0
9.8
EPSS
33.8%
CVE-2015-2692 CRITICAL POC PATCH Act Now

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Adblock
NVD GitHub
CVSS 3.0
10.0
EPSS
0.8%
CVE-2017-4918 CRITICAL Act Now

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Command Injection Horizon View
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-5878 CRITICAL Act Now

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java RCE Media Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2017-4907 CRITICAL Act Now

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Horizon View Unified Access Gateway
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2016-3690 CRITICAL Act Now

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Jboss Enterprise Application Platform
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-5405 CRITICAL Act Now

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-7050 CRITICAL Act Now

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Red Hat RCE Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6093 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-2034 CRITICAL Act Now

SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Clearpass
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy