Skip to main content
CVE-2016-1209 CRITICAL POC THREAT Emergency

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.

WordPress PHP Code Injection Ninja Forms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.6%
Threat
5.9
CVE-2016-2296 CRITICAL POC THREAT Emergency

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.3%.

Information Disclosure Web Log Basic 100 Web Log Light Web Log Pro Web Log Pro Unlimited
NVD Exploit-DB
CVSS 3.0
9.4
EPSS
75.3%
Threat
5.6
CVE-2016-2298 CRITICAL POC THREAT Emergency

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.0%.

Information Disclosure Web Log Basic 100 Web Log Light Web Log Pro Web Log Pro Unlimited
NVD
CVSS 3.0
9.8
EPSS
73.0%
Threat
5.7
CVE-2016-1662 CRITICAL Act Now

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 3.0
9.8
EPSS
15.8%
CVE-2016-1666 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +3
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-4325 CRITICAL Act Now

Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xprintserver Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-2297 CRITICAL Act Now

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature.". Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Web Log Basic 100 Web Log Light Web Log Pro Web Log Pro Unlimited
NVD
CVSS 3.0
9.4
EPSS
1.6%
CVE-2016-1669 HIGH This Week

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Debian Linux Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2016-1663 HIGH This Week

The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Denial Of Service Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-1660 HIGH This Week

Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Enterprise Linux Desktop Supplementary +4
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-1668 HIGH This Week

The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Chrome Opensuse +1
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-1667 HIGH This Week

The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Opensuse Debian Linux +1
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-1661 HIGH This Week

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +4
NVD
CVSS 3.0
8.0
EPSS
1.0%
CVE-2016-1671 HIGH This Week

Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Google Chrome
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2015-8156 HIGH This Week

Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Endpoint Encryption
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1399 HIGH This Week

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-1208 HIGH This Week

The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple PHP Information Disclosure Mac Os X Filemaker
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-2015 HIGH This Week

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-1665 MEDIUM This Month

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Opensuse Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2015-8530 MEDIUM This Month

Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow Spss Statistics
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-2016 MEDIUM PATCH This Month

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Authentication Bypass Base Vxfs 50 Base Vxfs 501 Base Vxfs 51
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-1207 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wn G300R2 Firmware Wn G300R3 Firmware Wn G300R Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-1670 MEDIUM This Month

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Google Information Disclosure Chrome Opensuse +1
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2016-1664 MEDIUM This Month

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2016-1206 MEDIUM This Month

The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wn Gdn R3 Firmware
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy