Skip to main content
CVE-2016-1555 CRITICAL POC KEV PATCH THREAT Act Now

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection PHP Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2016-1560 CRITICAL POC THREAT Emergency

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.7%.

Authentication Bypass Ex3000 Firmware Ex5000 Firmware Ex7000 Firmware Ex10000E Firmware +4
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
81.7%
Threat
5.9
CVE-2017-8051 CRITICAL POC PATCH THREAT Act Now

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.1%.

Command Injection Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.1%
Threat
5.1
CVE-2016-3109 CRITICAL POC PATCH THREAT Act Now

The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

RCE Shopware
NVD GitHub
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2016-2173 CRITICAL PATCH Act Now

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.3%.

RCE Java Fedora Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
9.8
EPSS
21.3%
CVE-2016-1558 CRITICAL PATCH Act Now

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.9%.

Buffer Overflow D-Link Dap 3662 Firmware Dap 2310 Firmware Dap 2330 Firmware +7
NVD
CVSS 3.0
9.8
EPSS
14.9%
CVE-2016-1557 CRITICAL PATCH Act Now

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware Wndap350 Firmware Wndap360 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-3067 CRITICAL Act Now

Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cygwin
NVD
CVSS 3.0
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy