Skip to main content
CVE-2015-8299 CRITICAL POC THREAT Emergency

Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Buffer Overflow RCE Ets
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2017-13715 CRITICAL PATCH Act Now

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.1%.

Denial Of Service RCE Linux Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
13.1%
CVE-2017-12865 CRITICAL PATCH Act Now

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Connman Debian Linux
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2015-7517 CRITICAL Act Now

Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP Double Opt In For Download
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2017-10832 CRITICAL Act Now

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Scr02Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2013-7426 CRITICAL PATCH Act Now

Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Kamailio
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-1376 CRITICAL Act Now

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Operations Analytics Predictive Insights
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-10842 CRITICAL PATCH Act Now

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Basercms
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-10833 CRITICAL Act Now

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Scr02Hd Firmware
NVD
CVSS 3.0
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy