Skip to main content
CVE-2015-2280 HIGH POC THREAT Act Now

snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.5%.

Command Injection Skyipcam1620W Wireless N Mpeg4 3Gpp Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
33.5%
Threat
4.3
CVE-2016-10401 HIGH POC THREAT Act Now

ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

Zyxel Authentication Bypass Pk5001Z Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2017-9413 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Subsonic
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-1438 HIGH POC This Week

Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Panda Antivirus Pro 2015 Panda Global Protection 2015 Panda Gold Protection 2015 +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6753 HIGH Act Now

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Buffer Overflow RCE Microsoft Google Cisco +22
NVD
CVSS 3.0
8.8
EPSS
14.0%
CVE-2017-9233 HIGH POC This Week

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-7543 HIGH POC This Week

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Arts Kdelibs
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-1332 HIGH This Week

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ubuntu Denial Of Service RCE Ubuntu Linux +1
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-6612 HIGH This Week

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Asr 5000 Series Software
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-7539 HIGH PATCH This Week

Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2015-6585 HIGH This Week

hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Hangul Word Processor
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2015-4035 HIGH This Week

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Xz
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-11566 HIGH This Week

AppUse 4.0 allows shell command injection via a proxy field. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Appuse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2017-11628 HIGH This Week

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PHP
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8033 HIGH This Week

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Capi Release Cf Release
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-7980 HIGH PATCH This Week

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service Qemu Ubuntu Linux +9
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-7541 HIGH PATCH This Week

The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Broadcom Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2015-1417 HIGH This Week

The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2015-8013 HIGH PATCH This Week

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openpgpjs
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-6746 HIGH This Week

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2017-6750 HIGH This Week

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6751 HIGH This Week

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-11499 HIGH PATCH This Week

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Node Js
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-1847 HIGH This Week

Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Appserver
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6672 HIGH This Week

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asr 5000 Series Software
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-8035 HIGH This Week

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Release
NVD
CVSS 3.1
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy