Critical Vulnerabilities with Public Exploits
Updated 51m agoSearch and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
4,101 results
Clear all
CVE-2017-15967
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.02
Mailing-manager Mailing List Manager Pro - SQL Injection
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CWE-89
Oct 29, 2017
CVE-2017-15966
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.04
ZH Yandexmap - SQL Injection
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CWE-89
Oct 29, 2017
CVE-2017-15965
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.04
Nswd NS Download Shop - SQL Injection
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CWE-89
Oct 29, 2017
CVE-2017-15964
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
Nicephpscripts Job Board Script - SQL Injection
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CWE-89
Oct 29, 2017
CVE-2017-15963
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.02
Itechscripts Gigs Script - SQL Injection
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
CWE-89
Oct 29, 2017
CVE-2017-15962
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.18
Istock Management System - Unrestricted File Upload
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CWE-434
Oct 29, 2017
CVE-2017-15961
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
Iproject Management System - SQL Injection
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CWE-89
Oct 29, 2017
CVE-2017-15960
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
Yourarticlesdirectory Article Directory Script - SQL Injection
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CWE-89
Oct 29, 2017
CVE-2017-15959
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.02
Adultscriptpro - SQL Injection
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CWE-89
Oct 29, 2017
CVE-2017-15958
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
Domainzaar D-park Pro - SQL Injection
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CWE-89
Oct 29, 2017
CVE-2017-16523
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Hardcoded Password
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
Nov 03, 2017
CVE-2017-15081
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.07
Phpsugar Php Melody - SQL Injection
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CWE-89
Oct 24, 2017
CVE-2017-15381
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.00
Softwarepublico E-sic - SQL Injection
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
CWE-89
Oct 23, 2017
CVE-2017-15379
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
Softwarepublico E-sic - SQL Injection
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
CWE-89
Oct 23, 2017
CVE-2017-15373
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
Softwarepublico E-sic - SQL Injection
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
CWE-89
Oct 16, 2017
CVE-2017-15579
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.00
Phpsugar Php Melody < 2.7.2 - SQL Injection
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CWE-89
Oct 18, 2017
CVE-2017-6089
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
Phpcollab < 2.5.1 - SQL Injection
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.
CWE-89
Oct 03, 2017
CVE-2017-14492
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.93
dnsmasq <2.78 - Buffer Overflow
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
CWE-119
Oct 03, 2017
CVE-2017-14089
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.32
Trend Micro OfficeScan <11.0 - Memory Corruption
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
CWE-119
Oct 06, 2017
CVE-2017-14738
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.06
FileRun <2017.09.18 - SQL Injection
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
CWE-89
Sep 30, 2017