Skip to main content
CVE-2017-12853 HIGH POC This Week

The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rwr 3G 100 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9653 CRITICAL Act Now

An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass Pi Integrator For Business Analystics Pi Integrator For Microsoft Azure +1
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-9660 HIGH This Week

A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Monitouch V Sft
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2017-9659 HIGH This Week

A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Monitouch V Sft
NVD
CVSS 3.0
8.8
EPSS
4.5%
CVE-2017-12426 HIGH This Week

GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Gitlab
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-12851 HIGH PATCH This Week

An authenticated standard user could reset the password of the admin by altering form data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-12850 HIGH PATCH This Week

An authenticated standard user could reset the password of other users (including the admin) by altering form data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-11150 HIGH This Week

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Synology Microsoft Command Injection PHP Office
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2017-11156 HIGH This Week

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Privilege Escalation Download Station
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-9648 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Wattconfig M
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9646 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heating Control Downloader
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1469 HIGH This Week

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection IBM Infosphere Information Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9661 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE SCADA
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2017-11149 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Download Station
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1190 MEDIUM PATCH This Month

IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. Rated medium severity (CVSS 6.4).

RCE IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2017-9802 MEDIUM PATCH This Month

The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Sling Servlets Post
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-6029 MEDIUM PATCH This Month

IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Emptoris Strategic Supply Management
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-9655 MEDIUM This Month

A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft SAP Pi Integrator For Business Analystics Pi Integrator For Microsoft Azure +1
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6021 MEDIUM PATCH This Month

IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9662 MEDIUM This Month

An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Monitouch V Sft
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy