Skip to main content
CVE-2017-13708 CRITICAL POC THREAT Emergency

Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.7%.

Buffer Overflow RCE Vx Search
NVD
CVSS 3.0
9.8
EPSS
70.7%
Threat
5.6
CVE-2017-0899 CRITICAL POC PATCH Act Now

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rubygems Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2017-14064 CRITICAL POC PATCH Act Now

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ruby Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-14076 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14069 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14062 CRITICAL PATCH Act Now

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2 Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2015-7700 CRITICAL Act Now

Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pngcrush
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-14061 CRITICAL PATCH Act Now

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2
NVD
CVSS 3.0
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy