Skip to main content
CVE-2016-7400 CRITICAL POC PATCH THREAT Act Now

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

SQLi Exponent Cms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
19.4%
Threat
4.0
CVE-2016-6175 CRITICAL POC THREAT Emergency

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.

RCE Code Injection PHP Php Gettext
NVD Exploit-DB GitHub
CVSS 3.0
9.8
EPSS
10.9%
CVE-2015-8608 CRITICAL POC Act Now

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Information Disclosure Perl
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2016-6199 CRITICAL POC Act Now

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java RCE Gradle
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-2539 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Atutor
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-6667 CRITICAL PATCH Act Now

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oncommand Unified Manager For Clustered Data Ontap
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-5711 CRITICAL PATCH Act Now

NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Information Disclosure Virtual Storage Console For Vmware Vsphere
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-2403 CRITICAL PATCH Act Now

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Symfony
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2015-7599 HIGH This Week

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Denial Of Service Vxworks
NVD
CVSS 3.0
8.1
EPSS
8.2%
CVE-2015-5677 MEDIUM POC PATCH This Month

bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8322 HIGH PATCH This Week

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Data Ontap
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2016-9639 CRITICAL PATCH Act Now

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Salt
NVD
CVSS 3.0
9.1
EPSS
0.8%
CVE-2016-1894 HIGH PATCH This Week

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oncommand Workflow Automation
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-3180 HIGH This Week

Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Tor Browser Launcher
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-1504 HIGH PATCH This Week

dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2016-6131 HIGH PATCH This Week

The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libiberty
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2016-2779 HIGH This Week

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Util Linux
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2014-9914 HIGH PATCH This Week

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Android
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-10044 HIGH PATCH This Week

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Privilege Escalation Linux Kernel Android
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-6104 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE IBM File Upload Security Key Lifecycle Manager
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2016-3063 HIGH PATCH This Week

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Oncommand System Manager
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-7164 HIGH PATCH This Week

The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libtorrent
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-4341 HIGH PATCH This Week

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8544 HIGH This Week

NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Snapdrive
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-1502 HIGH PATCH This Week

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Snapcenter Server
NVD
CVSS 3.0
7.3
EPSS
0.2%
CVE-2016-5372 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Snap Creator Framework
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2016-6092 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-6096 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6495 MEDIUM PATCH This Month

NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Data Ontap
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-3020 MEDIUM PATCH This Month

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-3124 MEDIUM PATCH This Month

The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Simplesamlphp
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-2781 MEDIUM This Month

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Coreutils
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2016-6094 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6097 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy