Skip to main content
CVE-2013-7459 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

Buffer Overflow RCE Python Pycrypto Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
14.5%
CVE-2016-3694 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecommerce Shopsoftware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-2973 CRITICAL Act Now

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

Buffer Overflow RCE Adobe Digital Editions
NVD
CVSS 3.0
9.8
EPSS
13.3%
CVE-2016-0360 CRITICAL Act Now

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization IBM Java Websphere Mq Jms
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-2968 CRITICAL Act Now

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Code Injection Campaign
NVD
CVSS 3.0
9.1
EPSS
3.0%
CVE-2016-9706 CRITICAL PATCH Act Now

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Integration Bus Websphere Message Broker
NVD
CVSS 3.0
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy