Skip to main content
CVE-2013-2134 CRITICAL POC PATCH THREAT Act Now

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.5%.

Code Injection Apache RCE Struts
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
91.5%
Threat
6.1
CVE-2013-2135 CRITICAL PATCH Act Now

{}" and "%{}" sequences, which causes the OGNL code to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 83.0%.

Code Injection Apache RCE Struts
NVD
CVSS 2.0
9.3
EPSS
83.0%
Threat
4.4
CVE-2013-4117 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.

WordPress PHP XSS Category Grid View Gallery
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.8%
CVE-2013-1943 HIGH PATCH This Week

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Enterprise Linux Enterprise Linux Eus +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2013-3491 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress XSS Sharebar
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1935 MEDIUM This Month

A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest. Rated medium severity (CVSS 5.7). No vendor patch available.

Red Hat Denial Of Service Race Condition Enterprise Linux
NVD
CVSS 2.0
5.7
EPSS
0.1%
CVE-2013-1907 MEDIUM This Month

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Commons Commons Group
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-1908 MEDIUM PATCH This Month

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Commons Commons Wikis
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2122 MEDIUM This Month

The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Edit Limit
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2188 MEDIUM This Month

A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain. Rated medium severity (CVSS 4.7). No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Linux
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-0246 MEDIUM PATCH This Month

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Drupal
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1925 LOW PATCH Monitor

The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Ctools
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2013-0245 LOW PATCH Monitor

The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Privilege Escalation Drupal
NVD
CVSS 2.0
2.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy