Skip to main content
CVE-2015-5958 HIGH POC THREAT Act Now

phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.5%.

Command Injection Phpfilemanager
NVD
CVSS 3.1
8.8
EPSS
43.5%
Threat
4.6
CVE-2014-8675 HIGH POC THREAT Act Now

Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.0%.

Information Disclosure Soplanning
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
36.0%
Threat
4.1
CVE-2017-0901 HIGH POC PATCH THREAT Act Now

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Path Traversal Rubygems Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
18.6%
CVE-2017-0900 HIGH POC PATCH THREAT Act Now

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Denial Of Service Rubygems Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
7.5
EPSS
11.2%
CVE-2017-0902 HIGH POC PATCH This Week

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Rubygems Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.0
8.1
EPSS
5.2%
CVE-2016-10509 HIGH POC PATCH This Week

SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Opencart
NVD GitHub
CVSS 3.0
7.2
EPSS
0.5%
CVE-2017-14050 HIGH This Week

In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Blackcat Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-14048 HIGH This Week

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Blackcat Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-14063 HIGH PATCH This Week

Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Async Http Client
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2017-11158 HIGH This Week

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Microsoft Cloud Station Drive
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5795 HIGH This Week

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XXE I Vu Sitescan Web Automatedlogic Webctrl
NVD
CVSS 3.0
7.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy