Skip to main content
CVE-2014-2525 MEDIUM POC THREAT This Month

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 63.2%.

RCE Buffer Overflow Libyaml Leap Opensuse
NVD VulDB
CVSS 2.0
6.8
EPSS
63.2%
Threat
4.8
CVE-2014-2668 MEDIUM POC THREAT This Month

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.4%.

Denial Of Service Apache Couchdb
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
40.4%
CVE-2014-0133 HIGH Act Now

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.9% and no vendor patch available.

Nginx Memory Corruption Buffer Overflow RCE Opensuse
NVD VulDB
CVSS 2.0
7.5
EPSS
20.9%
CVE-2013-0807 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Gpeasy Cms
NVD Exploit-DB GitHub VulDB
CVSS 2.0
4.3
EPSS
9.9%
CVE-2013-2694 MEDIUM This Month

Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP Open Redirect Wp Symposium
NVD VulDB
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-2599 MEDIUM PATCH This Month

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-0734 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress PHP Mingle Forum
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-2695 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress PHP Wp Symposium
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy