Skip to main content
CVE-2016-0151 HIGH POC KEV PATCH THREAT Act Now

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
44.1%
Threat
5.9
CVE-2016-0145 HIGH POC THREAT Act Now

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.8%.

RCE Buffer Overflow Microsoft Net Framework Live Meeting +11
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
74.8%
Threat
5.5
CVE-2016-2118 HIGH POC THREAT Act Now

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.5%.

Information Disclosure Samba Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
78.5%
Threat
5.4
CVE-2016-0165 HIGH POC KEV PATCH THREAT Act Now

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
6.2%
Threat
4.7
CVE-2016-0167 HIGH KEV PATCH THREAT Act Now

The Win32k kernel-mode driver in Windows Vista through Windows 10 allows local privilege escalation through an unspecified vulnerability in window object handling, exploited in the wild by APT groups.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
6.1%
Threat
5.2
CVE-2016-0122 HIGH POC THREAT Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.9%.

RCE Buffer Overflow Microsoft Excel Excel Viewer +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
39.9%
Threat
4.3
CVE-2016-0150 HIGH Act Now

HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Denial Of Service Microsoft Windows 10
NVD
CVSS 3.0
7.5
EPSS
43.3%
CVE-2016-0136 HIGH Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 40.6% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Office Compatibility Pack +2
NVD
CVSS 3.0
7.8
EPSS
40.6%
CVE-2016-0153 HIGH Act Now

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 33.7% and no vendor patch available.

Microsoft RCE Authentication Bypass Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
33.7%
CVE-2016-0147 HIGH Act Now

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.4% and no vendor patch available.

RCE Microsoft Xml Core Services
NVD
CVSS 3.0
8.8
EPSS
26.4%
CVE-2016-0139 HIGH Act Now

Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Excel Viewer +1
NVD
CVSS 3.0
7.8
EPSS
30.3%
CVE-2016-0127 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +4
NVD
CVSS 3.0
7.8
EPSS
29.9%
CVE-2016-3172 HIGH POC This Week

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-8702 HIGH POC PATCH This Week

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Inspircd
NVD GitHub
CVSS 3.0
8.6
EPSS
0.8%
CVE-2016-3986 HIGH POC This Week

Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Avast
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.4%
CVE-2016-0785 HIGH PATCH Act Now

{}" sequence in a tag attribute, aka forced double OGNL evaluation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.8%.

RCE Apache Struts
NVD
CVSS 3.0
8.8
EPSS
17.8%
CVE-2016-0143 HIGH POC This Week

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.3%
CVE-2016-0156 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 18.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
18.4%
CVE-2016-0154 HIGH Act Now

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge +1
NVD
CVSS 3.0
7.5
EPSS
16.3%
CVE-2016-0155 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.0% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
16.0%
CVE-2016-0164 HIGH Act Now

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.8% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
12.8%
CVE-2016-0157 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
12.4%
CVE-2016-3171 HIGH PATCH This Week

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE PHP Drupal Debian Linux
NVD
CVSS 3.0
8.1
EPSS
8.2%
CVE-2016-0166 HIGH This Week

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
9.8%
CVE-2016-0159 HIGH This Week

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
9.8%
CVE-2016-0148 HIGH This Week

Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Microsoft Net Framework
NVD
CVSS 3.0
7.8
EPSS
8.2%
CVE-2016-1568 HIGH This Week

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free Qemu +3
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2016-2405 HIGH This Week

Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Huawei Policy Center Firmware
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-0135 HIGH This Week

The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability.". Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10
NVD
CVSS 3.0
8.4
EPSS
0.5%
CVE-2016-2857 HIGH This Week

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux +8
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2016-2558 HIGH This Week

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Buffer Overflow Microsoft Gpu Driver R340 +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2016-2557 HIGH This Week

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Privilege Escalation Microsoft Gpu Driver R340 +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2016-3169 HIGH PATCH This Week

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Debian Linux Drupal
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2016-1866 HIGH PATCH This Week

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Authentication Bypass Salt Leap
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2016-1035 HIGH This Week

Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Robohelp
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2016-3162 HIGH PATCH This Week

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Drupal Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-0160 HIGH This Week

Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-3157 HIGH PATCH This Week

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Linux Xen Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-2556 HIGH This Week

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Microsoft Gpu Driver R340 Gpu Driver R352
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-3163 HIGH PATCH This Week

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Drupal
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-3656 HIGH This Week

The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Paloalto Pan Os
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-3165 HIGH PATCH This Week

The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Drupal
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-3164 HIGH PATCH This Week

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Drupal Debian Linux
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2016-3167 HIGH PATCH This Week

Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Open Redirect Drupal Debian Linux
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2016-2001 HIGH PATCH This Week

HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Universal Cmbd Foundation
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2015-8474 HIGH PATCH This Week

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Debian Linux Redmine
NVD GitHub
CVSS 3.0
7.4
EPSS
0.4%
CVE-2016-3654 HIGH This Week

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2016-0089 HIGH This Week

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 8 1 Windows Server 2012
NVD
CVSS 3.0
7.1
EPSS
0.9%
CVE-2016-0090 HIGH This Week

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 8 1 Windows Server 2012
NVD
CVSS 3.0
7.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy