Skip to main content
CVE-2016-1019 CRITICAL KEV PATCH THREAT Act Now

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 72.4%.

Adobe Denial Of Service RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
72.4%
Threat
5.6
CVE-2016-2563 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Denial Of Service RCE Buffer Overflow Kitty Putty
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2016-2851 CRITICAL POC THREAT Emergency

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.1%.

Denial Of Service RCE Buffer Overflow Debian Linux Leap +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
23.1%
Threat
4.2
CVE-2016-0729 CRITICAL POC THREAT Emergency

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Denial Of Service RCE Buffer Overflow Apache X14J Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
23.0%
Threat
4.2
CVE-2016-0788 CRITICAL PATCH Act Now

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.4%.

Jenkins RCE Privilege Escalation Openshift
NVD
CVSS 3.0
9.8
EPSS
37.4%
CVE-2016-3974 CRITICAL POC THREAT Emergency

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service XXE SAP Java Netweaver Application Server Java
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
13.9%
CVE-2016-0791 CRITICAL PATCH Act Now

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy