Skip to main content
CVE-2017-9822 HIGH POC KEV PATCH THREAT Act Now

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Code Injection RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
94.3%
Threat
7.6
CVE-2017-6316 CRITICAL POC KEV THREAT Emergency

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Citrix Information Disclosure
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
87.8%
Threat
7.6
CVE-2017-11467 CRITICAL POC PATCH THREAT Act Now

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.3%.

Privilege Escalation Orientdb
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
76.3%
Threat
5.7
CVE-2017-7047 HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.5%.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +3
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
22.5%
CVE-2017-11502 CRITICAL POC THREAT Emergency

Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Information Disclosure Dpc3928Ad Docsis Wireless Router Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.3%
CVE-2017-7042 HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
14.4%
CVE-2017-7041 HIGH POC THREAT Act Now

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.3%
CVE-2017-7061 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
8.1%
CVE-2017-11495 CRITICAL POC Act Now

PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE K2 Psg1218 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-7056 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.5%
CVE-2017-11471 CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-11470 CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-9765 HIGH POC This Week

Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow RCE Denial Of Service Buffer Overflow Gsoap
NVD
CVSS 3.0
8.1
EPSS
9.1%
CVE-2017-7049 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.8%
CVE-2017-7046 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.8%
CVE-2017-7048 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.4%
CVE-2017-7043 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +5
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-7040 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +5
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-7039 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-7037 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-7018 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-11469 HIGH POC This Week

get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
7.2%
CVE-2017-11466 HIGH POC PATCH This Week

Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Path Traversal Dotcms
NVD GitHub
CVSS 3.0
7.2
EPSS
3.1%
CVE-2017-11500 HIGH POC This Week

A directory traversal vulnerability exists in MetInfo 5.3.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Metinfo
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-7062 CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +3
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2017-11503 MEDIUM POC PATCH This Month

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Phpmailer
NVD GitHub
CVSS 3.0
6.1
EPSS
2.9%
CVE-2017-7060 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Safari Iphone Os
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-9785 CRITICAL PATCH Act Now

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization CSRF RCE Nancy
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-0378 MEDIUM POC This Month

XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phamm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-7064 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apple Authentication Bypass Itunes Safari +2
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.3%
CVE-2017-10676 MEDIUM POC This Month

On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6531 CRITICAL Act Now

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coaxdata Gateway 1Gbps Firmware
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-6532 CRITICAL Act Now

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coaxdata Gateway 1Gbps Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-6530 CRITICAL Act Now

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Coaxdata Gateway 1Gbps Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-11474 CRITICAL PATCH Act Now

GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-7068 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +3
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-7055 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7052 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7012 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +4
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-7034 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7030 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7020 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-7019 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-11475 HIGH PATCH This Week

GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-7054 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Mac Os X
NVD
CVSS 3.0
8.0
EPSS
0.3%
CVE-2017-7051 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Mac Os X
NVD
CVSS 3.0
8.0
EPSS
0.3%
CVE-2017-7050 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Mac Os X
NVD
CVSS 3.0
8.0
EPSS
0.3%
CVE-2017-7063 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Iphone Os Watchos
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-7008 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-7033 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Mac Os X
NVD
CVSS 3.0
7.8
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy