Skip to main content
CVE-2017-10271 HIGH POC KEV PATCH THREAT Act Now

Oracle WebLogic Server allows unauthenticated remote code execution through the WLS Security component's T3 protocol, massively exploited for cryptocurrency mining and botnet recruitment from 2017 onward.

Oracle Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
94.4%
Threat
9.3
CVE-2015-6668 HIGH POC THREAT Act Now

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.0%.

WordPress Information Disclosure Job Manager
NVD
CVSS 3.0
7.5
EPSS
84.0%
Threat
5.5
CVE-2017-10366 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.4%.

Information Disclosure Oracle Peoplesoft Enterprise Peopletools
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
64.4%
Threat
5.4
CVE-2017-12285 MEDIUM This Month

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 77.5% and no vendor patch available.

Path Traversal Cisco Prime Network Analysis Module
NVD
CVSS 3.0
5.3
EPSS
77.5%
CVE-2017-15647 HIGH POC THREAT Act Now

On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.9%.

Path Traversal Routerfiberhome Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
38.9%
Threat
4.2
CVE-2017-10955 HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.5% and no vendor patch available.

Dell Command Injection RCE Data Protection Advisor
NVD
CVSS 3.1
8.8
EPSS
33.5%
CVE-2017-10352 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.7%.

Denial Of Service Oracle Weblogic Server
NVD
CVSS 3.0
9.9
EPSS
27.7%
CVE-2017-15644 HIGH POC PATCH THREAT Act Now

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

SSRF Webmin
NVD GitHub Exploit-DB
CVSS 3.0
8.6
EPSS
13.2%
CVE-2017-15645 HIGH POC PATCH This Week

CSRF exists in Webmin 1.850. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Webmin
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-15643 HIGH POC This Week

An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Microsoft Request Smuggling Ikarus Antivirus
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
7.3%
CVE-2017-12579 HIGH POC This Week

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp VMware Information Disclosure Vagrant Vmware Fusion
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-15649 HIGH POC PATCH This Week

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-15646 MEDIUM POC PATCH This Month

Webmin before 1.860 has XSS with resultant remote code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Command Injection Webmin
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
8.2%
CVE-2017-10309 HIGH POC PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle Jdk Jre +24
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
1.8%
CVE-2017-15639 MEDIUM POC This Month

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mura Cms
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.2%
CVE-2017-10355 MEDIUM POC PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle Jdk Jre +28
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
6.3%
CVE-2017-12251 CRITICAL Act Now

A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Cloud Services Platform 2100
NVD
CVSS 3.0
9.9
EPSS
3.2%
CVE-2017-10405 CRITICAL PATCH Act Now

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2017-10402 CRITICAL PATCH Act Now

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2017-15648 MEDIUM POC This Month

In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Melody
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-15612 MEDIUM POC PATCH This Month

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mistune
NVD GitHub
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-10404 CRITICAL PATCH Act Now

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.0
9.9
EPSS
1.0%
CVE-2017-5636 CRITICAL PATCH Act Now

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Apache Nifi
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-10396 CRITICAL PATCH Act Now

Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Hospitality Cruise Affairwhere
NVD
CVSS 3.0
9.9
EPSS
0.4%
CVE-2017-10346 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +27
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2017-10285 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +27
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2017-10330 CRITICAL PATCH Act Now

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Common Applications
NVD
CVSS 3.0
9.1
EPSS
2.2%
CVE-2017-10329 CRITICAL PATCH Act Now

Vulnerability in the Oracle Global Order Promising component of Oracle E-Business Suite (subcomponent: Reschedule Sales Orders). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Global Order Promising
NVD
CVSS 3.0
9.1
EPSS
2.2%
CVE-2017-10424 HIGH PATCH This Week

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Mysql Enterprise Monitor
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-12293 HIGH This Week

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Webex Meetings Server
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2017-3883 HIGH This Week

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Extensible Operating System Fxos Nx Os
NVD
CVSS 3.0
8.6
EPSS
1.5%
CVE-2017-12271 HIGH This Week

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Spa300 Firmware Spa500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-10321 HIGH PATCH This Week

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Oracle Database
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10372 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Hospitality Guest Access
NVD
CVSS 3.0
8.7
EPSS
0.3%
CVE-2017-10401 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMSUpdater). Rated high severity (CVSS 8.7), this vulnerability is low attack complexity.

Denial Of Service Oracle Hospitality Cruise Materials Management
NVD
CVSS 3.0
8.7
EPSS
0.0%
CVE-2017-10034 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Core Formatting API). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence Publisher
NVD
CVSS 3.0
8.2
EPSS
1.8%
CVE-2017-10065 HIGH PATCH This Week

Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Retail Point Of Service
NVD
CVSS 3.0
8.5
EPSS
0.2%
CVE-2017-10354 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Prtl Interaction Hub
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10338 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Prtl Interaction Hub
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10326 HIGH PATCH This Week

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Common Applications Calendar
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10325 HIGH PATCH This Week

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Common Applications Calendar
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10303 HIGH PATCH This Week

Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Setup). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Interaction Center Intelligence
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10026 HIGH PATCH This Week

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Soa Suite
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10323 HIGH PATCH This Week

Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Application Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Web Applications Desktop Integrator
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10060 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10398 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Authentication Bypass Oracle Hospitality Cruise Fleet Management
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2017-10263 HIGH PATCH This Week

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Siebel Ui Framework
NVD
CVSS 3.0
8.2
EPSS
1.0%
CVE-2017-10050 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Hospitality Suite8
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10413 HIGH PATCH This Week

Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Mobile Field Service
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10360 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Content
NVD
CVSS 3.0
8.2
EPSS
0.9%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy