Skip to main content
CVE-2017-12853 HIGH POC This Week

The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rwr 3G 100 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9660 HIGH This Week

A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Monitouch V Sft
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2017-9659 HIGH This Week

A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Monitouch V Sft
NVD
CVSS 3.0
8.8
EPSS
4.5%
CVE-2017-12426 HIGH This Week

GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Gitlab
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-12851 HIGH PATCH This Week

An authenticated standard user could reset the password of the admin by altering form data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-12850 HIGH PATCH This Week

An authenticated standard user could reset the password of other users (including the admin) by altering form data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-11150 HIGH This Week

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Synology Microsoft Command Injection PHP Office
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2017-11156 HIGH This Week

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Privilege Escalation Download Station
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-9648 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Wattconfig M
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9646 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heating Control Downloader
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1469 HIGH This Week

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection IBM Infosphere Information Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9661 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE SCADA
NVD
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy