Skip to main content
CVE-2017-9769 CRITICAL POC THREAT Emergency

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.8%.

Information Disclosure Synapse
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.8%
Threat
5.8
CVE-2015-2560 CRITICAL POC THREAT Emergency

Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.4%.

Privilege Escalation Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
20.4%
Threat
4.1
CVE-2017-11494 CRITICAL POC Act Now

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sol Connect Iset Mpp Meter Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-12199 CRITICAL POC Act Now

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Ultimate Product Catalog
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-12138 MEDIUM POC THREAT This Month

XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Open Redirect PHP Xoops
NVD GitHub
CVSS 3.0
6.1
EPSS
12.4%
CVE-2017-7890 MEDIUM PATCH This Month

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.2%.

PHP Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
30.2%
CVE-2017-8390 CRITICAL Act Now

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Paloalto Pan Os
NVD
CVSS 3.0
9.8
EPSS
11.4%
CVE-2017-7642 HIGH POC This Week

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp VMware Information Disclosure Vagrant Vmware Fusion
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-11389 CRITICAL PATCH Act Now

Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Trend Micro RCE Control Manager
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2017-11386 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11385 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11384 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11383 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11356 MEDIUM POC This Month

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.0%
CVE-2015-7891 HIGH POC This Week

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Samsung Information Disclosure Samsung Mobile
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-11355 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pega Platform
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.8%
CVE-2017-9244 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Trello
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-2690 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Addons Module
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-11388 HIGH PATCH This Week

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
8.8
EPSS
5.9%
CVE-2015-1174 CRITICAL Act Now

Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Teta Web
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-9770 MEDIUM POC This Month

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Razer Synapse
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1383 CRITICAL Act Now

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
CVSS 3.0
9.1
EPSS
0.6%
CVE-2014-8903 HIGH This Week

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Command Injection Curam Social Program Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-11364 HIGH This Week

The CMS installer in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-2281 HIGH This Week

WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wn Ax1167Gr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-2280 HIGH This Week

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Wn Ax1167Gr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2138 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cs Cart Cs Cart Multivendor
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10664 HIGH PATCH This Week

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qemu Debian Linux Virtualization Openstack +6
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2017-1467 HIGH This Week

A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Privilege Escalation Infosphere Information Server
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2016-9981 HIGH PATCH This Week

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Session Fixation IBM Information Disclosure Security Appscan
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2015-0839 HIGH This Week

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE HP Linux Imaging And Printing
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-2283 HIGH This Week

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Wn G300R3 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2015-8264 HIGH This Week

Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE F Secure Online Scanner
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-11387 HIGH PATCH This Week

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Authentication Bypass Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-2288 HIGH This Week

Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lhaforge
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2287 HIGH This Week

Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nfc Port Software Remover
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2286 HIGH This Week

Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nfc Port Firmware Pc Sc Activator For Type B Sfcard Viewer 2 Nfc Net Installer
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2279 HIGH This Week

Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tween
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1468 HIGH This Week

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9247 HIGH This Week

Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sierra Wireless Em7345 Software Sierra Wireless Em7455 Software Sierra Wireless Location Sensor Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11390 HIGH PATCH This Week

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-1118 HIGH PATCH This Week

IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Mq Internet Pass Thru
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-2282 MEDIUM This Month

Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wn Ax1167Gr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-12140 MEDIUM PATCH This Month

The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-7845 MEDIUM This Month

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Gigacc Office
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2012-5030 MEDIUM PATCH This Month

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Cisco iOS
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12145 MEDIUM PATCH This Month

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libquicktime
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12143 MEDIUM PATCH This Month

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libquicktime
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-0194 MEDIUM PATCH This Month

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XXE IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-11437 MEDIUM This Month

GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy