Skip to main content
CVE-2017-14147 CRITICAL POC THREAT Emergency

An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.4%.

Authentication Bypass Adsl An1020 25 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
73.4%
Threat
5.7
CVE-2017-6627 HIGH KEV THREAT Act Now

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.8%.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
10.8%
CVE-2015-3313 CRITICAL POC THREAT Emergency

SQL injection vulnerability in WordPress Community Events plugin before 1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.5%.

WordPress SQLi Community Events
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.5%
Threat
4.0
CVE-2017-9834 CRITICAL POC THREAT Emergency

SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

WordPress SQLi PHP Watupro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.5%
CVE-2017-12794 MEDIUM POC PATCH THREAT This Month

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.0%.

XSS Python Django
NVD
CVSS 3.0
6.1
EPSS
21.0%
CVE-2017-13771 CRITICAL POC Act Now

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Scan To Network
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-3314 HIGH POC This Week

SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress SQLi Tune Library
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
8.8%
CVE-2017-13713 HIGH POC This Week

T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wifi Repeater Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.6%
CVE-2017-11567 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Mongoose Embedded Web Server Library
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-12838 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nexusphp
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-14181 HIGH POC This Week

DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Aacplusenc
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-3222 HIGH POC This Week

syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

RCE Privilege Escalation Ossec
NVD GitHub Exploit-DB
CVSS 3.0
7.0
EPSS
0.5%
CVE-2017-14173 MEDIUM POC PATCH This Month

In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2015-3991 CRITICAL Act Now

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Strongswan
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2017-14174 MEDIUM POC PATCH This Month

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-14175 MEDIUM POC PATCH This Month

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2017-14172 MEDIUM POC PATCH This Month

In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2015-4629 CRITICAL Act Now

Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation E5756S Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-14219 MEDIUM POC This Month

XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wrn 240 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3442 CRITICAL Act Now

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Xpert Line
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2015-5060 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anchor Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12906 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9458 CRITICAL Act Now

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF Paloalto XXE Pan Os
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-10405 CRITICAL Act Now

Session fixation vulnerability in D-Link DIR-600L routers (rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation D-Link Information Disclosure Dir 600L Firmware
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2015-5052 CRITICAL Act Now

SQL injection vulnerability in Sefrengo before 1.6.5 beta2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sefrengo
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-4627 CRITICAL Act Now

SQL injection vulnerability in Pragyan CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Pragyan Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-13754 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codemeter
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2015-7672 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Centreon
NVD GitHub
CVSS 3.0
5.4
EPSS
0.0%
CVE-2017-12216 HIGH This Week

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Information Disclosure Socialminer
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2016-0732 HIGH This Week

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Cf Release User Account And Authentication Uaa Release +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-14169 HIGH PATCH This Week

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4619 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Spina
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4724 HIGH This Week

SQL injection vulnerability in Concrete5 5.7.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Concrete Cms
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4697 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google CSRF Google Analyticator
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2014-9565 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Ib6131 Firmware En6131 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-3250 HIGH PATCH This Week

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Directory Ldap Api
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2017-6791 HIGH This Week

A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2017-9779 HIGH This Week

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ocaml
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-1590 HIGH PATCH This Week

The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Kamailio
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2013-7428 HIGH This Week

The Googlemaps plugin before 3.1 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP Googlemaps
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-6780 HIGH This Week

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Connected Grid Network Management System Iot Field Network Director
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6631 HIGH This Week

A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Yesmax Hd Firmware Yesmaxtotal Firmware Yesquattro Firmware
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6362 HIGH PATCH This Week

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgd Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-4085 HIGH This Week

Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Etherpad
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6794 MEDIUM This Month

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Meeting Server
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2017-6796 MEDIUM This Month

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Command Injection Ios Xe
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-12224 MEDIUM This Month

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Server
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14171 MEDIUM PATCH This Month

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14170 MEDIUM PATCH This Month

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12225 MEDIUM This Month

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Lan Management Solution
NVD
CVSS 3.0
6.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy