Skip to main content
CVE-2016-9299 CRITICAL POC PATCH THREAT Act Now

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.2%.

Code Injection RCE Java Jenkins LDAP +1
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
89.2%
Threat
6.1
CVE-2016-7479 CRITICAL POC THREAT Emergency

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Memory Corruption PHP RCE Use After Free
NVD
CVSS 3.0
9.8
EPSS
20.2%
Threat
4.1
CVE-2016-7791 CRITICAL POC Act Now

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2016-7790 CRITICAL POC Act Now

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2016-3149 CRITICAL Act Now

Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.2% and no vendor patch available.

RCE Clickshare Csc 1 Firmware Clickshare Csm 1 Firmware
NVD
CVSS 3.0
9.8
EPSS
14.2%
CVE-2016-10131 CRITICAL PATCH GHSA Act Now

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Codeigniter
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2016-8438 CRITICAL Act Now

Integer overflow leading to a TOCTOU condition in hypervisor PIL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-8398 CRITICAL Act Now

Unauthenticated messages processed by the UE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-3152 CRITICAL Act Now

Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clickshare Csc 1 Firmware
NVD VulDB
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8459 CRITICAL Act Now

Possible buffer overflow in storage subsystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8439 CRITICAL Act Now

Possible buffer overflow in trust zone access control API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8437 CRITICAL Act Now

Improper input validation in Access Control APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8440 CRITICAL Act Now

Possible buffer overflow in SMMU system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-8606 CRITICAL PATCH Act Now

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Authentication Bypass Guile Fedora
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy