Skip to main content
CVE-2017-16562 CRITICAL POC THREAT Emergency

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.2%.

WordPress Authentication Bypass Userpro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
48.2%
Threat
4.9
CVE-2017-11309 CRITICAL POC THREAT Emergency

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.4%.

Buffer Overflow RCE Microsoft Ip Office
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
25.4%
Threat
4.2
CVE-2017-16783 CRITICAL POC Act Now

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cms Made Simple
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.9%
CVE-2017-16764 CRITICAL POC Act Now

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Django Make App
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2017-16780 CRITICAL POC Act Now

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Mybb
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-16763 CRITICAL POC PATCH Act Now

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Confire
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-16521 CRITICAL Act Now

In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buildmaster
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-16634 CRITICAL PATCH Act Now

In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Joomla
NVD
CVSS 3.0
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy