Skip to main content
CVE-2016-7836 CRITICAL POC KEV THREAT Emergency

SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.8
EPSS
46.9%
Threat
6.4
CVE-2016-7806 CRITICAL PATCH Act Now

I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.0%.

Command Injection Wfs Sr01 Firmware
NVD
CVSS 3.0
9.8
EPSS
11.0%
CVE-2016-7835 CRITICAL PATCH Act Now

Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure H2O
NVD GitHub
CVSS 3.0
9.1
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy