Skip to main content
CVE-2016-9137 CRITICAL POC Act Now

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption PHP Denial Of Service Use After Free
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-9936 CRITICAL POC PATCH Act Now

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Deserialization Denial Of Service Use After Free PHP
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-10114 CRITICAL POC Act Now

SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aweb Cart Watching System For Virtuemart
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-7399 CRITICAL PATCH Act Now

scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.4%.

Command Injection Netbackup Appliance Firmware
NVD
CVSS 3.0
9.8
EPSS
13.4%
CVE-2016-10115 CRITICAL Act Now

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Arlo Base Station Firmware Arlo Q Camera Firmware Arlo Q Plus Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
6.2%
CVE-2016-9935 CRITICAL PATCH Act Now

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure PHP Buffer Overflow
NVD GitHub
CVSS 3.0
9.8
EPSS
4.4%
CVE-2016-9138 CRITICAL Act Now

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption PHP Denial Of Service Use After Free
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2014-9911 CRITICAL PATCH Act Now

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow International Components For Unicode
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-8670 CRITICAL PATCH Act Now

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow Libgd
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2014-9912 CRITICAL PATCH Act Now

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow
NVD
CVSS 3.0
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy