Skip to main content
CVE-2016-1000112 CRITICAL POC THREAT Emergency

Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.7%.

Path Traversal WordPress File Upload Contus Video Comments
NVD
CVSS 3.1
9.1
EPSS
35.7%
Threat
4.4
CVE-2016-1000217 CRITICAL POC THREAT Emergency

Zotpress plugin for WordPress SQLi in zp_get_account(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

WordPress SQLi Zotpress
NVD
CVSS 3.0
9.8
EPSS
11.4%
CVE-2015-1000000 CRITICAL POC THREAT Emergency

Remote file upload vulnerability in mailcwp v1.99 wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

WordPress File Upload Mailcwp
NVD
CVSS 3.0
9.8
EPSS
11.3%
CVE-2015-1000001 CRITICAL POC Act Now

Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Fast Image Adder
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2016-1000123 CRITICAL POC Act Now

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Video Gallery
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.4%
CVE-2016-1453 CRITICAL Act Now

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.1% and no vendor patch available.

Cisco Buffer Overflow RCE Nx Os
NVD
CVSS 3.1
9.8
EPSS
26.1%
CVE-2015-1000011 CRITICAL POC Act Now

Blind SQL Injection in wordpress plugin dukapress v2.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Dukapress
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2015-1000003 CRITICAL POC Act Now

Blind SQL Injection in filedownload v1.4 wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Filedownload
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2016-1000113 CRITICAL POC Act Now

XSS and SQLi in huge IT gallery v1.1.5 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Gallery
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2016-1000124 CRITICAL POC Act Now

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Portfolio Gallery
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-1000125 CRITICAL POC Act Now

Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Huge It Catalog
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.2%
CVE-2015-1000009 CRITICAL POC Act Now

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Google Authentication Bypass Google Adsense And Hotel Booking
NVD
CVSS 3.0
9.1
EPSS
5.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy