Skip to main content
CVE-2015-2279 CRITICAL POC THREAT Emergency

cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 42.2%.

Command Injection Bu 2015 Firmware Bu 3026 Firmware Md 3025 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
42.2%
Threat
4.7
CVE-2015-2280 HIGH POC THREAT Act Now

snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.5%.

Command Injection Skyipcam1620W Wireless N Mpeg4 3Gpp Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
33.5%
Threat
4.3
CVE-2016-10401 HIGH POC THREAT Act Now

ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

Zyxel Authentication Bypass Pk5001Z Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2015-2798 CRITICAL POC Act Now

SQL injection vulnerability in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Contact Form Maker
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2015-8009 CRITICAL POC Act Now

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-9413 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Subsonic
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-1438 HIGH POC This Week

Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Panda Antivirus Pro 2015 Panda Global Protection 2015 Panda Gold Protection 2015 +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6753 HIGH Act Now

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Buffer Overflow RCE Microsoft Google Cisco +22
NVD
CVSS 3.0
8.8
EPSS
14.0%
CVE-2017-9233 HIGH POC This Week

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-7543 HIGH POC This Week

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Arts Kdelibs
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-4462 MEDIUM POC This Month

Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP File Upload Efront
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-4463 MEDIUM POC This Month

The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Efront
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-11459 CRITICAL Act Now

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection SAP Trex
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2015-5594 MEDIUM POC This Month

The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenphoto
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-11617 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atmail
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3278 CRITICAL Act Now

The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nss Compat Ossl
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11614 CRITICAL Act Now

MEDHOST Connex contains hard-coded credentials that are used for customer database access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Connex
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11626 MEDIUM POC This Month

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-11625 MEDIUM POC This Month

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-11627 MEDIUM POC This Month

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-11624 MEDIUM POC This Month

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-1332 HIGH This Week

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ubuntu Denial Of Service RCE Ubuntu Linux +1
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-6612 HIGH This Week

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Asr 5000 Series Software
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-7539 HIGH PATCH This Week

Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2015-6585 HIGH This Week

hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Hangul Word Processor
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2015-4035 HIGH This Week

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Xz
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-11566 HIGH This Week

AppUse 4.0 allows shell command injection via a proxy field. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Appuse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2017-11628 HIGH This Week

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PHP
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8033 HIGH This Week

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Capi Release Cf Release
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-7980 HIGH PATCH This Week

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service Qemu Ubuntu Linux +9
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-7541 HIGH PATCH This Week

The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Broadcom Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2015-1417 HIGH This Week

The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2015-8013 HIGH PATCH This Week

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openpgpjs
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-6746 HIGH This Week

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2017-6750 HIGH This Week

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6751 HIGH This Week

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-11499 HIGH PATCH This Week

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Node Js
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-1847 HIGH This Week

Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Appserver
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6672 HIGH This Week

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asr 5000 Series Software
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-8035 HIGH This Week

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Release
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-6748 MEDIUM This Month

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2017-9457 MEDIUM This Month

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intense Pc Firmware
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-11457 MEDIUM This Month

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2015-5187 MEDIUM This Month

Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Candlepin
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8919 MEDIUM This Month

NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Api Services
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-6755 MEDIUM This Month

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Provisioning
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-11458 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2015-0674 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Cloud Web Security
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11460 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Portal
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6133 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ektron Content Management System
NVD
CVSS 3.0
6.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy