Skip to main content
CVE-2015-2279 CRITICAL POC THREAT Emergency

cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 42.2%.

Command Injection Bu 2015 Firmware Bu 3026 Firmware Md 3025 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
42.2%
Threat
4.7
CVE-2015-2798 CRITICAL POC Act Now

SQL injection vulnerability in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Contact Form Maker
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2015-8009 CRITICAL POC Act Now

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11459 CRITICAL Act Now

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection SAP Trex
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2015-3278 CRITICAL Act Now

The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nss Compat Ossl
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11614 CRITICAL Act Now

MEDHOST Connex contains hard-coded credentials that are used for customer database access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Connex
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy