Skip to main content
CVE-2017-15944 CRITICAL POC KEV THREAT Emergency

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Paloalto RCE
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.0%
Threat
7.8
CVE-2017-17111 CRITICAL POC THREAT Emergency

Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

SQLi PHP Posty Readymade Classifieds
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.7%
Threat
4.0
CVE-2017-17110 CRITICAL POC THREAT Emergency

Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

SQLi PHP Techno Portfolio Management Panel
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.7%
Threat
4.0
CVE-2017-15708 CRITICAL PATCH Act Now

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.9%.

RCE Java Apache Synapse Financial Services Market Risk Measurement And Management +1
NVD
CVSS 3.1
9.8
EPSS
19.9%
CVE-2017-15940 CRITICAL Act Now

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2017-17499 CRITICAL PATCH Act Now

ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Imagemagick Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2017-15896 CRITICAL Act Now

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass OpenSSL Node Js
NVD
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy