Skip to main content
CVE-2012-6636 MEDIUM POC THREAT This Month

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.3%.

Privilege Escalation Java Google Android Api
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
76.3%
Threat
5.2
CVE-2014-1886 MEDIUM POC This Month

The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Google Edinburgh By Bus
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-1684 MEDIUM POC THREAT This Month

The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.8%.

Denial Of Service Vlc Media Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
12.8%
CVE-2013-1409 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Commentluv
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.4%
CVE-2014-1840 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Mybb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1887 MEDIUM POC This Month

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Google Drinkedin Barfinder
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3259 MEDIUM This Month

Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Zoom Player
NVD
CVSS 2.0
6.8
EPSS
5.9%
CVE-2013-3260 MEDIUM This Month

Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Zoom Player
NVD
CVSS 2.0
6.8
EPSS
3.4%
CVE-2014-1885 MEDIUM This Month

The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Google Forzearmate
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2013-3487 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Bulletproof Security
NVD
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy