Skip to main content
CVE-2016-9137 CRITICAL POC Act Now

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption PHP Denial Of Service Use After Free
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-9936 CRITICAL POC PATCH Act Now

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Deserialization Denial Of Service Use After Free PHP
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-10114 CRITICAL POC Act Now

SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aweb Cart Watching System For Virtuemart
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-7399 CRITICAL PATCH Act Now

scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.4%.

Command Injection Netbackup Appliance Firmware
NVD
CVSS 3.0
9.8
EPSS
13.4%
CVE-2016-10115 CRITICAL Act Now

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Arlo Base Station Firmware Arlo Q Camera Firmware Arlo Q Plus Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
6.2%
CVE-2016-9935 CRITICAL PATCH Act Now

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure PHP Buffer Overflow
NVD GitHub
CVSS 3.0
9.8
EPSS
4.4%
CVE-2016-9138 CRITICAL Act Now

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption PHP Denial Of Service Use After Free
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2014-9911 CRITICAL PATCH Act Now

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow International Components For Unicode
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-8670 CRITICAL PATCH Act Now

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow Libgd
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2014-9912 CRITICAL PATCH Act Now

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-9934 HIGH PATCH Act Now

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.6%.

Denial Of Service PHP Null Pointer Dereference
NVD GitHub
CVSS 3.0
7.5
EPSS
11.6%
CVE-2016-9933 HIGH PATCH Act Now

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.1%.

Denial Of Service PHP Buffer Overflow Libgd
NVD GitHub
CVSS 3.0
7.5
EPSS
11.1%
CVE-2016-10116 HIGH This Week

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Privilege Escalation Arlo Base Station Firmware Arlo Q Camera Firmware Arlo Q Plus Camera Firmware
NVD
CVSS 3.0
8.1
EPSS
7.1%
CVE-2016-7902 HIGH PATCH This Week

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP File Upload Dotclear
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2016-8860 HIGH PATCH This Week

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Tor
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2016-6894 HIGH PATCH This Week

Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dcs 7050T Eos Software Dcs 7050Q Eos Software Dcs 7050S Eos Software
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6595 MEDIUM This Month

The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-10112 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Woocommerce
NVD
CVSS 3.0
4.8
EPSS
0.1%
CVE-2016-7903 LOW PATCH Monitor

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Dotclear
NVD
CVSS 3.0
3.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy