Skip to main content
CVE-2017-9841 CRITICAL POC KEV PATCH THREAT Act Now

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

PHP Code Injection RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2017-9830 CRITICAL Act Now

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Apache RCE Crashplan
NVD
CVSS 3.0
9.8
EPSS
9.2%
CVE-2015-1778 CRITICAL PATCH GHSA Act Now

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Tomcat Authentication Bypass Opendaylight
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-0959 CRITICAL Act Now

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Adobe +8
NVD
CVSS 3.0
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy