Skip to main content
CVE-2017-16903 CRITICAL POC Act Now

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Lvyecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-16896 CRITICAL PATCH Act Now

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Tiny Tiny Rss
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11402 CRITICAL Act Now

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tofino Xenon Security Appliance Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-11401 CRITICAL Act Now

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tofino Xenon Security Appliance Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy