Critical · CVSS 9.8
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Published Apr 21, 2016 · Updated Oct 21, 2025
High · CVSS 8.4 · CISA KEV
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
Published May 5, 2016 · Updated Oct 21, 2025
Medium · CVSS 5.5 · CISA KEV
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
Published May 5, 2016 · Updated Oct 21, 2025
Medium · CVSS 5.5 · CISA KEV
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
Published May 5, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
Published May 11, 2016 · Updated Oct 21, 2025
High · CVSS 7.5 · CISA KEV
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
Published May 11, 2016 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Published Jun 1, 2016 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Published Jun 7, 2016 · Updated Oct 21, 2025
High · CVSS 7.5 · CISA KEV
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
Published Jun 9, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Published Jun 16, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
Published Jun 17, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.
Published Aug 9, 2016 · Updated Oct 21, 2025
Medium · CVSS 5.5 · CISA KEV
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
Published Aug 25, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published Aug 25, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Published Aug 25, 2016 · Updated Oct 21, 2025
Medium · CVSS 6.5 · CISA KEV
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Published Sep 14, 2016 · Updated Oct 21, 2025
Medium · CVSS 6.5 · CISA KEV
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Published Oct 14, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability."
Published Oct 14, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
Published Oct 14, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
Published Nov 1, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 7.5 · CISA KEV
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
Published Nov 18, 2016 · Updated Oct 21, 2025
Medium · CVSS 6.5 · CISA KEV
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
Published Nov 23, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
Published Dec 14, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
Published Dec 15, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
Published Dec 20, 2016 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Published Dec 30, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
Published Jan 19, 2017 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
Published Jan 30, 2017 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
Published Apr 6, 2017 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
Published Apr 21, 2017 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
Published Jun 9, 2017 · Updated Oct 21, 2025
High · CVSS 7.5 · CISA KEV
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Published Jun 11, 2018 · Updated Oct 21, 2025
High · CVSS 7.2 · CISA KEV
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
Published Mar 9, 2020 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
Published Oct 19, 2022 · Updated Oct 21, 2025
Medium · CVSS 6.2
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
Published Jan 23, 2017 · Updated Aug 6, 2025
High · CVSS 7.5
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Published Dec 9, 2016 · Updated Aug 6, 2025
Medium · CVSS 6.5
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Published Jun 30, 2016 · Updated Jun 9, 2025
Medium · CVSS 4.6
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Published Feb 7, 2017 · Updated Jun 9, 2025
Critical · CVSS 9.8
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
Published Jan 12, 2024 · Updated Jun 3, 2025
High · CVSS 7.5
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
Published Sep 20, 2022 · Updated May 29, 2025
Medium · CVSS 5.5
A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628.
Published Jan 7, 2023 · Updated May 28, 2025
Critical · CVSS 9.8
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE" because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022.
Published Oct 19, 2022 · Updated May 9, 2025
High · CVSS 7.3
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.
Published Jun 9, 2022 · Updated Apr 15, 2025
Medium · CVSS 6.3
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published Jul 18, 2022 · Updated Apr 15, 2025
High · CVSS 7.3
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component.
Published Jul 23, 2022 · Updated Apr 14, 2025
High · CVSS 8.8
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.
Published Dec 27, 2022 · Updated Apr 11, 2025