Skip to main content
CVE-2016-4519 CRITICAL Act Now

Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Visilogic Oplc Ide
NVD
CVSS 3.0
9.8
EPSS
9.8%
CVE-2016-4822 HIGH This Week

Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cg Wlbargl Firmware
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2016-1189 HIGH This Week

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-4823 HIGH This Week

Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cg Wlbaragm Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-1193 HIGH This Week

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4825 MEDIUM This Month

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE WordPress PHP Welcart E Commerce
NVD
CVSS 3.1
5.6
EPSS
9.5%
CVE-2016-4525 MEDIUM This Month

Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
6.6
EPSS
0.2%
CVE-2016-4828 MEDIUM This Month

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Welcart E Commerce
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2016-1188 MEDIUM This Month

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-1190 MEDIUM This Month

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-4827 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2016-4826 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2016-4824 MEDIUM This Month

The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cg Wlr300Gnv Firmware Cg Wlr300Gnv W Firmware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-4528 MEDIUM This Month

Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Webaccess
NVD
CVSS 3.0
5.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy