Skip to main content
CVE-2013-2251 CRITICAL POC KEV PATCH THREAT Act Now

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2013-2028 HIGH POC PATCH THREAT Act Now

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Denial Of Service Buffer Overflow Nginx Memory Corruption RCE +1
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
93.0%
Threat
5.8
CVE-2013-2248 MEDIUM POC PATCH THREAT This Month

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.0%.

Apache Open Redirect Struts
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
92.0%
Threat
5.4
CVE-2013-4870 HIGH This Week

SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi News Search
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4871 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Tq Seo
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2070 MEDIUM PATCH This Month

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Nginx Debian Linux
NVD
CVSS 2.0
5.8
EPSS
4.6%
CVE-2013-3656 MEDIUM This Month

Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Cybozu Office
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-1879 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Activemq
NVD
CVSS 2.0
4.3
EPSS
5.5%
CVE-2013-1955 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Easy Php Calendar
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy