Skip to main content
CVE-2016-5003 CRITICAL POC THREAT Emergency

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

Deserialization Java Apache RCE Ws Xmlrpc
NVD
CVSS 3.0
9.8
EPSS
41.5%
Threat
4.7
CVE-2014-3579 CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Apache Activemq Apollo
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2014-3600 CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Apache Activemq
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-5053 CRITICAL Act Now

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Microsoft Information Disclosure +4
NVD
CVSS 3.1
9.6
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy