Skip to main content
CVE-2016-1209 CRITICAL POC THREAT Emergency

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.

WordPress PHP Code Injection Ninja Forms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.6%
Threat
5.9
CVE-2016-2296 CRITICAL POC THREAT Emergency

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.3%.

Information Disclosure Web Log Basic 100 Web Log Light Web Log Pro Web Log Pro Unlimited
NVD Exploit-DB
CVSS 3.0
9.4
EPSS
75.3%
Threat
5.6
CVE-2016-2298 CRITICAL POC THREAT Emergency

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.0%.

Information Disclosure Web Log Basic 100 Web Log Light Web Log Pro Web Log Pro Unlimited
NVD
CVSS 3.0
9.8
EPSS
73.0%
Threat
5.7
CVE-2016-1662 CRITICAL Act Now

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 3.0
9.8
EPSS
15.8%
CVE-2016-1666 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +3
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-4325 CRITICAL Act Now

Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xprintserver Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-2297 CRITICAL Act Now

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature.". Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Web Log Basic 100 Web Log Light Web Log Pro Web Log Pro Unlimited
NVD
CVSS 3.0
9.4
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy