Skip to main content
CVE-2017-2894 CRITICAL POC Act Now

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Mongoose
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2017-2891 CRITICAL POC Act Now

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free RCE Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2017-2922 CRITICAL POC Act Now

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Use After Free RCE Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2017-2921 CRITICAL POC Act Now

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Denial Of Service Buffer Overflow Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2017-16561 CRITICAL POC Act Now

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ingenious School Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12085 CRITICAL POC Act Now

An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Circle With Disney Firmware
NVD
CVSS 3.0
9.0
EPSS
1.5%
CVE-2017-2892 CRITICAL Act Now

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Information Disclosure Mongoose
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2017-2864 CRITICAL Act Now

An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Circle With Disney Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2017-15887 CRITICAL Act Now

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Information Disclosure Carddav Server
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-0872 CRITICAL Act Now

A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webdatorcentral
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy