Skip to main content
CVE-2016-1561 HIGH POC THREAT Act Now

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.4%.

Information Disclosure Ex3000 Firmware Ex5000 Firmware Ex7000 Firmware Ex10000E Firmware +4
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
84.4%
Threat
5.5
CVE-2016-5399 HIGH POC THREAT Act Now

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service Buffer Overflow RCE PHP Memory Corruption
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
13.9%
CVE-2017-7220 HIGH POC This Week

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Documentum Content Server
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-7990 HIGH POC PATCH This Week

The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS CSRF Openmrs Module Reporting
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2347 HIGH POC PATCH This Week

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Leap Opensuse Debian Linux +1
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-5168 HIGH This Week

Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2016-2433 HIGH This Week

The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Broadcom Google Authentication Bypass RCE Android
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-0720 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Pcs Fedora Enterprise Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7951 HIGH PATCH This Week

WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Wondercms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1559 HIGH PATCH This Week

D-Link DAP-1353 H/W vers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

D-Link Information Disclosure Dap 1353 H W B1 Firmware Dap 2553 H W A1 Firmware Dap 3520 H W A1 Firmware
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2016-1518 HIGH This Week

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Wave
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2016-1148 HIGH This Week

Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Akerun
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2016-0721 HIGH PATCH This Week

Session fixation vulnerability in pcsd in pcs before 0.9.157. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Pcs Fedora Enterprise Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-10091 HIGH PATCH This Week

Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Unrtf
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2016-9954 HIGH PATCH This Week

The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Irregex
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2016-1520 HIGH This Week

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Wave
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-4846 HIGH This Week

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phishwall Client
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-1556 HIGH PATCH This Week

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware Wndap350 Firmware Wndap360 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-8050 HIGH PATCH This Week

Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Appliance
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-0833 HIGH This Week

Android allows users to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy