Skip to main content
CVE-2017-16995 HIGH POC THREAT Act Now

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 82.8%.

Buffer Overflow Denial Of Service Linux Linux Kernel Debian Linux +1
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
82.8%
Threat
5.5
CVE-2017-17849 CRITICAL POC THREAT Emergency

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.1%.

Buffer Overflow RCE Getgo Download Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
35.1%
Threat
4.5
CVE-2017-17876 HIGH POC THREAT Act Now

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Authentication Bypass Shift
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
24.0%
CVE-2017-17870 CRITICAL POC Act Now

The JBuildozer extension 1.4.1 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jbuildozer
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-17875 CRITICAL POC Act Now

The JEXTN FAQ Pro extension 4.0.0 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jextn Faq Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17873 CRITICAL POC Act Now

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Marketplace Digital Products Php
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17872 CRITICAL POC Act Now

The JEXTN Video Gallery extension 3.0.5 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jextn Video Gallery
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17871 CRITICAL POC Act Now

The "JEXTN Question And Answer" extension 3.1.0 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jextn Question And Answer
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17931 CRITICAL POC Act Now

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Resume Clone Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17928 CRITICAL POC Act Now

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Professional Service Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17906 CRITICAL POC Act Now

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Rental Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17895 CRITICAL POC Act Now

Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Basic Job Site Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17892 CRITICAL POC Act Now

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Readymade Video Sharing Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17850 HIGH Act Now

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.0
7.5
EPSS
30.0%
CVE-2017-17874 HIGH POC This Week

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Marketplace Digital Products Php
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-17888 HIGH POC This Week

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Abb Command Injection Antiweb
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2017-17930 HIGH POC This Week

PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Professional Service Script
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17905 HIGH POC This Week

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Car Rental Script
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17894 HIGH POC This Week

Readymade Job Site Script has CSRF via the /job URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Basic Job Site Script
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17891 HIGH POC This Week

Readymade Video Sharing Script has CSRF via user-profile-edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Readymade Video Sharing Script
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17908 HIGH POC This Week

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Responsive Realestate Script
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17903 HIGH POC This Week

FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lynda Clone
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-13056 HIGH POC This Week

The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pdf Xchange Viewer
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.0%
CVE-2016-6914 HIGH POC This Week

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Microsoft Privilege Escalation Unifi Video
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2017-11697 HIGH POC This Week

The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla Network Security Services
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11698 HIGH POC This Week

Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Network Security Services
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11696 HIGH POC This Week

Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Network Security Services
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11695 HIGH POC This Week

Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Network Security Services
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-7154 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Iphone Os Mac Os X Tvos
NVD Exploit-DB
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-9944 CRITICAL Act Now

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Kt Pac1200 Data Manager Firmware
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2015-7324 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Komento
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17907 MEDIUM POC This Month

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Car Rental Script
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17896 MEDIUM POC This Month

Readymade Job Site Script has XSS via the keyword parameter to the /job URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Basic Job Site Script
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17893 MEDIUM POC This Month

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Readymade Video Sharing Script
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17868 MEDIUM POC This Month

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liferay Portal
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17911 MEDIUM POC This Month

packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Archon
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17869 MEDIUM POC This Month

The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Mgl Instagram Gallery
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7669 CRITICAL Act Now

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress PHP Easy2Map
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17877 CRITICAL Act Now

An issue was discovered in Valve Steam Link build 643. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Steam Link Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2015-6237 CRITICAL Act Now

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip360
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-17900 CRITICAL PATCH Act Now

SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17899 CRITICAL PATCH Act Now

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17897 CRITICAL PATCH Act Now

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17878 CRITICAL PATCH Act Now

An issue was discovered in Valve Steam Link build 643. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Steam Link Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17832 MEDIUM POC PATCH This Month

ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Monitoring Software
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17904 MEDIUM POC This Month

FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lynda Clone
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17927 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Professional Service Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-17924 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Professional Service Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-17926 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Professional Service Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-7157 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Microsoft Apple +6
NVD
CVSS 3.0
8.8
EPSS
2.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy