Skip to main content
CVE-2016-1000216 HIGH POC THREAT Act Now

Ruckus Wireless H500 web management interface authenticated command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Command Injection Wireless H500
NVD
CVSS 3.0
8.8
EPSS
20.2%
CVE-2016-5348 MEDIUM POC PATCH THREAT This Month

The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 14.6%.

Qualcomm Google Denial Of Service Android
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
14.6%
CVE-2016-1000148 MEDIUM POC This Month

Reflected XSS in wordpress plugin s3-video v0.983. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress S3 Video
NVD
CVSS 3.0
6.1
EPSS
9.4%
CVE-2016-7117 CRITICAL PATCH Act Now

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6%.

RCE Linux Debian Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
10.6%
CVE-2016-3934 HIGH POC This Week

drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1000149 MEDIUM POC This Month

Reflected XSS in wordpress plugin simpel-reserveren v3.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simpel Reserveren
NVD
CVSS 3.0
6.1
EPSS
7.3%
CVE-2016-1000142 MEDIUM POC This Month

Reflected XSS in wordpress plugin parsi-font v4.2.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Parsi Font
NVD
CVSS 3.0
6.1
EPSS
7.3%
CVE-2016-1000137 MEDIUM POC This Month

Reflected XSS in wordpress plugin hero-maps-pro v2.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Hero Maps Pro
NVD
CVSS 3.0
6.1
EPSS
7.3%
CVE-2016-1000143 MEDIUM POC This Month

Reflected XSS in wordpress plugin photoxhibit v2.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Photoxhibit
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000141 MEDIUM POC This Month

Reflected XSS in wordpress plugin page-layout-builder v1.9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Layout Builder
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000140 MEDIUM POC This Month

Reflected XSS in wordpress plugin new-year-firework v1.1.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress New Year Firework
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000138 MEDIUM POC This Month

Reflected XSS in wordpress plugin indexisto v1.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Indexisto
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000136 MEDIUM POC This Month

Reflected XSS in wordpress plugin heat-trackr v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Heat Trackr
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2016-1000152 MEDIUM POC This Month

Reflected XSS in wordpress plugin tidio-form v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tidio Form
NVD
CVSS 3.0
6.1
EPSS
6.5%
CVE-2016-1000154 MEDIUM POC This Month

Reflected XSS in wordpress plugin whizz v1.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Whizz
NVD
CVSS 3.0
6.1
EPSS
5.8%
CVE-2016-1000133 MEDIUM POC This Month

Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Forget About Shortcode Buttons
NVD
CVSS 3.0
6.1
EPSS
3.0%
CVE-2016-1000139 MEDIUM POC PATCH This Month

Reflected XSS in wordpress plugin infusionsoft v1.5.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Infusionsoft
NVD
CVSS 3.0
6.1
EPSS
2.9%
CVE-2016-1000128 MEDIUM POC This Month

Reflected XSS in wordpress plugin anti-plagiarism v3.60. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Anti Plagiarism
NVD
CVSS 3.0
6.1
EPSS
2.9%
CVE-2016-1000129 MEDIUM POC This Month

Reflected XSS in wordpress plugin defa-online-image-protector v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Defa Online Image Protector
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2016-1000132 MEDIUM POC PATCH This Month

Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Tooltip Glossary
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2016-1000127 MEDIUM POC This Month

Reflected XSS in wordpress plugin ajax-random-post v2.00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ajax Random Post
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000126 MEDIUM POC This Month

Reflected XSS in wordpress plugin admin-font-editor v1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Admin Font Editor
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000155 MEDIUM POC This Month

Reflected XSS in wordpress plugin wpsolr-search-engine v7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpsolr Search Engine
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000135 MEDIUM POC This Month

Reflected XSS in wordpress plugin hdw-tube v1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Hdw Tube
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000134 MEDIUM POC This Month

Reflected XSS in wordpress plugin hdw-tube v1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Hdw Tube
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000131 MEDIUM POC This Month

Reflected XSS in wordpress plugin e-search v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Esearch
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2016-1000146 MEDIUM POC This Month

Reflected XSS in wordpress plugin pondol-formmail v1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Pondol Formmail
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2016-1000153 MEDIUM POC This Month

Reflected XSS in wordpress plugin tidio-gallery v1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tidio Gallery
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2016-1000130 MEDIUM POC This Month

Reflected XSS in wordpress plugin e-search v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress E Search
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2016-1000151 MEDIUM POC This Month

Reflected XSS in wordpress plugin tera-charts v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tera Charts
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-1000147 MEDIUM POC This Month

Reflected XSS in wordpress plugin recipes-writer v1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Recipes Writer
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-1000145 MEDIUM POC This Month

Reflected XSS in wordpress plugin pondol-carousel v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Pondol Carousel
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-1000150 MEDIUM POC This Month

Reflected XSS in wordpress plugin simplified-content v1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simplified Content
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-1000144 MEDIUM POC This Month

Reflected XSS in wordpress plugin photoxhibit v2.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Photoxhibit
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-5343 CRITICAL PATCH Act Now

drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Google Linux Buffer Overflow Qualcomm +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2016-6691 CRITICAL PATCH Act Now

service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Android
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6695 CRITICAL PATCH Act Now

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-6696 CRITICAL PATCH Act Now

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-6694 CRITICAL PATCH Act Now

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-6693 CRITICAL PATCH Act Now

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-6692 CRITICAL PATCH Act Now

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Qualcomm Denial Of Service Google Null Pointer Dereference Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-3929 CRITICAL PATCH Act Now

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-3927 CRITICAL PATCH Act Now

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-3926 CRITICAL PATCH Act Now

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-6689 MEDIUM POC PATCH This Month

Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Android
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-3912 HIGH PATCH This Week

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3910 HIGH PATCH This Week

services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3914 HIGH PATCH This Week

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Information Disclosure Java Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6680 HIGH This Week

CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3922 HIGH PATCH This Week

libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy