Skip to main content
CVE-2018-25221 CRITICAL POC Act Now

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow Echat Server
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25223 CRITICAL POC PATCH Act Now

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Denial Of Service Crashmail
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2017-20229 CRITICAL POC PATCH Act Now

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Mawk
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2018-25220 CRITICAL POC PATCH Act Now

Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Bochs
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2017-20227 CRITICAL POC PATCH Act Now

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Java Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2017-20225 CRITICAL POC PATCH Act Now

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Memory Corruption Buffer Overflow Tiemu
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2016-20049 CRITICAL POC PATCH Act Now

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries.

RCE Memory Corruption Buffer Overflow Jad Java Decompiler
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-15604 CRITICAL PATCH Act Now

Amon2 for Perl versions before 6.17 use cryptographically weak random number generation for security-critical functions including session IDs, cookie signing secrets, and CSRF tokens. Versions 6.06-6.16 fall back to SHA-1 hashes seeded with predictable inputs (process ID from a small set, guessable epoch time, and the unsuitable built-in rand() function) when /dev/urandom is unavailable; versions before 6.06 relied entirely on built-in rand(). No CVSS vector or EPSS data is available, and no public exploit code or active exploitation has been confirmed, but the weakness directly undermines session security and CSRF protection in affected applications.

CSRF Amon2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3256 CRITICAL Act Now

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.

Information Disclosure Http
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy