Skip to main content
CVE-2017-12611 CRITICAL POC PATCH THREAT Act Now

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.2%.

Apache Information Disclosure Struts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
94.2%
Threat
6.3
CVE-2015-4073 CRITICAL POC THREAT Emergency

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

SQLi Helpdesk Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.2%
CVE-2017-14596 CRITICAL POC Act Now

In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LDAP Code Injection Information Disclosure Joomla
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-6795 CRITICAL PATCH Act Now

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Apache RCE Struts
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2015-6673 CRITICAL Act Now

Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Libpgf
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-8771 CRITICAL Act Now

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Repeater Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-8772 CRITICAL Act Now

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Repeater Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-14608 CRITICAL PATCH Act Now

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libraw
NVD GitHub
CVSS 3.0
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy