Skip to main content
CVE-2016-1525 HIGH POC THREAT Act Now

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.7%.

Path Traversal Netgear Prosafe Network Management Software 300
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
82.7%
Threat
5.7
CVE-2016-1522 HIGH POC This Week

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Fedora +4
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2016-1521 HIGH This Week

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-0865 HIGH This Week

Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Smartgrid Lighthouse Sensor Management System
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-1949 HIGH This Week

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Firefox
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-0863 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smartgrid Lighthouse Sensor Management System
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1526 HIGH This Week

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Debian Linux Firefox +3
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2015-8630 HIGH PATCH This Week

The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kerberos 5
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy