Skip to main content
CVE-2016-1555 CRITICAL POC KEV PATCH THREAT Act Now

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection PHP Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2016-1560 CRITICAL POC THREAT Emergency

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.7%.

Authentication Bypass Ex3000 Firmware Ex5000 Firmware Ex7000 Firmware Ex10000E Firmware +4
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
81.7%
Threat
5.9
CVE-2016-1561 HIGH POC THREAT Act Now

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.4%.

Information Disclosure Ex3000 Firmware Ex5000 Firmware Ex7000 Firmware Ex10000E Firmware +4
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
84.4%
Threat
5.5
CVE-2017-8051 CRITICAL POC PATCH THREAT Act Now

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.1%.

Command Injection Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.1%
Threat
5.1
CVE-2016-3109 CRITICAL POC PATCH THREAT Act Now

The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

RCE Shopware
NVD GitHub
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2016-5399 HIGH POC THREAT Act Now

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service Buffer Overflow RCE PHP Memory Corruption
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
13.9%
CVE-2016-2173 CRITICAL PATCH Act Now

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.3%.

RCE Java Fedora Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
9.8
EPSS
21.3%
CVE-2017-7220 HIGH POC This Week

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Documentum Content Server
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-7990 HIGH POC PATCH This Week

The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS CSRF Openmrs Module Reporting
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1558 CRITICAL PATCH Act Now

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.9%.

Buffer Overflow D-Link Dap 3662 Firmware Dap 2310 Firmware Dap 2330 Firmware +7
NVD
CVSS 3.0
9.8
EPSS
14.9%
CVE-2016-2347 HIGH POC PATCH This Week

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Leap Opensuse Debian Linux +1
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-7994 MEDIUM POC This Month

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-4075 MEDIUM POC This Month

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Opera Browser Opera Mini
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-1557 CRITICAL PATCH Act Now

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware Wndap350 Firmware Wndap360 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-3067 CRITICAL Act Now

Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cygwin
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-5168 HIGH This Week

Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2016-2433 HIGH This Week

The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Broadcom Google Authentication Bypass RCE Android
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-0720 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Pcs Fedora Enterprise Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7951 HIGH PATCH This Week

WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Wondercms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1559 HIGH PATCH This Week

D-Link DAP-1353 H/W vers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

D-Link Information Disclosure Dap 1353 H W B1 Firmware Dap 2553 H W A1 Firmware Dap 3520 H W A1 Firmware
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2016-1518 HIGH This Week

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Wave
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2016-1148 HIGH This Week

Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Akerun
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2016-0721 HIGH PATCH This Week

Session fixation vulnerability in pcsd in pcs before 0.9.157. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Pcs Fedora Enterprise Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-10091 HIGH PATCH This Week

Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Unrtf
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2016-9954 HIGH PATCH This Week

The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Irregex
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2016-1520 HIGH This Week

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Wave
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-4846 HIGH This Week

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phishwall Client
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-1556 HIGH PATCH This Week

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware Wndap350 Firmware Wndap360 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-8050 HIGH PATCH This Week

Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Appliance
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-0833 HIGH This Week

Android allows users to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-1187 MEDIUM This Month

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Kunai
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2016-1194 MEDIUM This Month

Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garoon
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-7409 MEDIUM This Month

Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7992 MEDIUM PATCH This Month

Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Heartland Php
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4840 MEDIUM This Month

Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Coordinate Plus
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2016-4830 MEDIUM This Month

Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Sushiro
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2016-1186 MEDIUM This Month

Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Kintone
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2016-1198 MEDIUM This Month

Photopt for Android before 2.0.1 does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Photopt
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-4832 MEDIUM This Month

WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Waon
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-1221 MEDIUM This Month

Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Jetstar
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-1210 MEDIUM This Month

The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure 105 Bank
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-1519 MEDIUM This Month

The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Wave
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-1184 MEDIUM This Month

Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Tokyo Star Bank
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2016-4829 MEDIUM This Month

DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Ppv Play Player
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-6519 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Openstack Manila
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3702 MEDIUM This Month

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Cloudforms Management Engine
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-4841 MEDIUM This Month

Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mailwise
NVD
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy