Skip to main content
CVE-2014-0497 CRITICAL POC KEV PATCH THREAT Act Now

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Integer Overflow Microsoft RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.1%
Threat
7.8
CVE-2013-4978 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 50.3%.

Buffer Overflow RCE Aloaha Pdf Suite Free Aloahapdfviewer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
50.3%
Threat
4.9
CVE-2013-4449 MEDIUM This Month

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 68.7% and no vendor patch available.

Denial Of Service Debian Linux Openldap
NVD
CVSS 2.0
4.3
EPSS
68.7%
CVE-2013-1852 HIGH POC This Week

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Leaguemanager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-2691 CRITICAL Act Now

Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 allows remote attackers to execute arbitrary code via a crafted MPEG2-TS video file, related to the MPEG2 transport stream. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.0% and no vendor patch available.

Buffer Overflow RCE Jetaudio
NVD
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-1466 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Glfusion
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.7%
CVE-2013-3639 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Xaraya
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.3%
CVE-2013-1880 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache XSS Activemq
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-1403 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Easyxdm
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-1967 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Mediaelement Js Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-1470 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Geeklog
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0755 MEDIUM This Month

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Rockwell Rslogix 5000 Design And Configuration Software
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-2074 MEDIUM This Month

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kdelibs
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-1833 MEDIUM This Month

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Devscripts
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1439 MEDIUM This Month

The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XXE Hiphop Virtual Machine For Php
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-0059 MEDIUM This Month

A flaw was found in Spacewalk-backend. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy