Skip to main content
CVE-2017-0781 HIGH POC PATCH THREAT Act Now

A remote code execution vulnerability in the Android system (bluetooth). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.8%.

Buffer Overflow RCE Google Android
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
41.8%
Threat
4.5
CVE-2017-0782 HIGH PATCH Act Now

A remote code execution vulnerability in the Android system (bluetooth). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.0%.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
8.8
EPSS
27.0%
CVE-2017-1002026 HIGH POC This Week

Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Event Espresso
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1002004 HIGH POC This Week

Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Dtracker
NVD
CVSS 3.0
7.5
EPSS
5.5%
CVE-2017-1002005 HIGH POC This Week

Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Dtracker
NVD
CVSS 3.0
7.5
EPSS
5.4%
CVE-2017-1002007 HIGH POC This Week

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Dtracker
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2017-1002006 HIGH POC This Week

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Dtracker
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2017-13779 HIGH POC This Week

GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE India Goods And Services Tax Network Offline Utility Tool
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-2809 HIGH POC PATCH This Week

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Python Hashicorp Code Injection Ansible Vault
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-1002025 HIGH POC This Week

Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Add Edit Delete Listing For Member Module
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2017-14482 HIGH PATCH This Week

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Emacs Debian Linux
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2017-12989 HIGH PATCH This Week

The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tcpdump
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-1002151 HIGH PATCH This Week

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Pagure
NVD
CVSS 3.1
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy