Skip to main content
CVE-2017-6627 HIGH KEV THREAT Act Now

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.8%.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
7.5
EPSS
10.8%
CVE-2015-3314 HIGH POC This Week

SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress SQLi Tune Library
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
8.8%
CVE-2017-13713 HIGH POC This Week

T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wifi Repeater Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.6%
CVE-2017-11567 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Mongoose Embedded Web Server Library
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-12838 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nexusphp
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-14181 HIGH POC This Week

DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Aacplusenc
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-3222 HIGH POC This Week

syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

RCE Privilege Escalation Ossec
NVD GitHub Exploit-DB
CVSS 3.0
7.0
EPSS
0.5%
CVE-2017-12216 HIGH This Week

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Information Disclosure Socialminer
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2016-0732 HIGH This Week

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Cf Release User Account And Authentication Uaa Release +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-14169 HIGH PATCH This Week

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4619 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Spina
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4724 HIGH This Week

SQL injection vulnerability in Concrete5 5.7.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Concrete Cms
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4697 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google CSRF Google Analyticator
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2014-9565 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Ib6131 Firmware En6131 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-3250 HIGH PATCH This Week

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Directory Ldap Api
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2017-6791 HIGH This Week

A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2017-9779 HIGH This Week

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ocaml
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-1590 HIGH PATCH This Week

The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Kamailio
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2013-7428 HIGH This Week

The Googlemaps plugin before 3.1 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP Googlemaps
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-6780 HIGH This Week

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Connected Grid Network Management System Iot Field Network Director
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6631 HIGH This Week

A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Yesmax Hd Firmware Yesmaxtotal Firmware Yesquattro Firmware
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6362 HIGH PATCH This Week

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgd Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-4085 HIGH This Week

Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Etherpad
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy