Skip to main content
CVE-2017-14147 CRITICAL POC THREAT Emergency

An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.4%.

Authentication Bypass Adsl An1020 25 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
73.4%
Threat
5.7
CVE-2015-3313 CRITICAL POC THREAT Emergency

SQL injection vulnerability in WordPress Community Events plugin before 1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.5%.

WordPress SQLi Community Events
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.5%
Threat
4.0
CVE-2017-9834 CRITICAL POC THREAT Emergency

SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

WordPress SQLi PHP Watupro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.5%
CVE-2017-13771 CRITICAL POC Act Now

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Scan To Network
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-3991 CRITICAL Act Now

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Strongswan
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2015-4629 CRITICAL Act Now

Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation E5756S Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2015-3442 CRITICAL Act Now

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Xpert Line
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2017-9458 CRITICAL Act Now

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF Paloalto XXE Pan Os
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-10405 CRITICAL Act Now

Session fixation vulnerability in D-Link DIR-600L routers (rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation D-Link Information Disclosure Dir 600L Firmware
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2015-5052 CRITICAL Act Now

SQL injection vulnerability in Sefrengo before 1.6.5 beta2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sefrengo
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-4627 CRITICAL Act Now

SQL injection vulnerability in Pragyan CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Pragyan Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy