Skip to main content
CVE-2016-7400 CRITICAL POC PATCH THREAT Act Now

Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

SQLi Exponent Cms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
19.4%
Threat
4.0
CVE-2016-6175 CRITICAL POC THREAT Emergency

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.

RCE Code Injection PHP Php Gettext
NVD Exploit-DB GitHub
CVSS 3.0
9.8
EPSS
10.9%
CVE-2015-8608 CRITICAL POC Act Now

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Information Disclosure Perl
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2016-6199 CRITICAL POC Act Now

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java RCE Gradle
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-6667 CRITICAL PATCH Act Now

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oncommand Unified Manager For Clustered Data Ontap
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-5711 CRITICAL PATCH Act Now

NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Information Disclosure Virtual Storage Console For Vmware Vsphere
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-2403 CRITICAL PATCH Act Now

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Symfony
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-9639 CRITICAL PATCH Act Now

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Salt
NVD
CVSS 3.0
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy