Skip to main content
CVE-2015-8249 CRITICAL POC THREAT Emergency

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.2%.

File Upload Zoho Desktop Central
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.2%
Threat
5.9
CVE-2017-14849 HIGH POC PATCH THREAT Act Now

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.2%.

Path Traversal Node.js Node Js
NVD
CVSS 3.0
7.5
EPSS
90.2%
Threat
5.7
CVE-2017-11120 CRITICAL POC THREAT Emergency

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.4%.

Buffer Overflow Broadcom Bcm4355C0 Firmware Iphone Os Tvos
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.4%
Threat
4.2
CVE-2017-12814 CRITICAL POC Act Now

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Perl
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2017-11121 CRITICAL POC Act Now

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Broadcom Denial Of Service Bcm4355C0 Firmware Iphone Os +1
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-14840 HIGH POC This Week

TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ticketplus
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-14839 HIGH POC This Week

TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Photo Fusion
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-14838 HIGH POC This Week

TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Job Links
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-14847 HIGH POC This Week

Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpams Apartment Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-14846 HIGH POC This Week

Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Hospital Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-14845 HIGH POC This Week

Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpchurch Church Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-14844 HIGH POC This Week

Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpgym Gym Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-14843 HIGH POC This Week

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi School Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-14842 HIGH POC This Week

Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Smsmaster Multipurpose Sms Gateway
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-14796 HIGH POC This Week

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-14527 HIGH POC This Week

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft XXE Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-14795 HIGH POC This Week

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-10932 CRITICAL Act Now

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8% and no vendor patch available.

Zte Deserialization Apache RCE Java +6
NVD
CVSS 3.1
9.8
EPSS
13.8%
CVE-2015-1537 HIGH POC PATCH This Week

Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2015-1336 HIGH POC This Week

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Debian Authentication Bypass Man Db
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2015-3643 HIGH POC This Week

usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Privilege Escalation Usb Creator
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-2551 HIGH POC This Week

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Information Disclosure Backwpup
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-14841 MEDIUM POC This Month

Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Annual Maintenance Contract Management System
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.7%
CVE-2017-14524 MEDIUM POC This Month

Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2015-7349 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Citrix Digipass
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14622 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP 2Kb Amazon Affiliates Store
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2014-9686 MEDIUM POC This Month

The Googlemaps plugin 3.2 and earlier for Joomla!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service PHP Googlemaps
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2017-12621 CRITICAL PATCH Act Now

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Commons Jelly
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2017-1407 HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Security Identity Governance And Intelligence Security Identity Manager Security Privileged Identity Manager
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2015-1526 MEDIUM POC This Month

The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-5613 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14526 HIGH This Week

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft XXE Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11191 HIGH This Week

FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Authentication Bypass Freeipa
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1483 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Security Identity Governance And Intelligence Security Identity Manager Security Privileged Identity Manager
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-1577 HIGH PATCH This Week

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Websphere Portal
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2015-3138 HIGH PATCH This Week

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tcpdump Leap
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-13676 HIGH This Week

Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Code Injection Remove Reinstall
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2017-1591 MEDIUM PATCH This Month

IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Datapower Gateway
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14525 MEDIUM This Month

Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14775 MEDIUM PATCH This Month

Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Laravel
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2014-8878 MEDIUM PATCH This Month

KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Kmail
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-7256 MEDIUM This Month

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Information Disclosure Nwa1100 N Firmware Nwa1100 Nh Firmware Nwa1121 Ni Firmware +22
NVD
CVSS 3.0
5.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy