CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Actively Exploited Vulnerabilities

Every advisory below covers a vulnerability with exploitation observed in the wild, cross-referenced against the CISA Known Exploited Vulnerabilities (KEV) catalog and refreshed every 3 hours. If your patch queue is long, start here: KEV listing means real attacks are happening now, and US federal agencies are required to remediate these under BOD 22-01.

1,706 exploited-vulnerability advisories · page 27 / 35

CVE-2017-9841: PHPUnit Command Injection Vulnerability

PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

criticalexploitedCVE-2017-9841cisa-kev2022-02-15
← NewerOlder →