Skip to main content
CVE-2014-0112 HIGH POC PATCH THREAT Act Now

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.4%.

RCE Privilege Escalation Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
91.4%
Threat
5.7
CVE-2014-0113 HIGH POC PATCH THREAT Act Now

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%.

RCE Privilege Escalation Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
82.1%
Threat
5.5
CVE-2014-0088 HIGH PATCH This Week

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Nginx RCE Buffer Overflow
NVD VulDB
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-7235 HIGH This Week

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Simple Machines Forum
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7236 HIGH This Week

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Simple Machines Forum
NVD VulDB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-7134 HIGH This Week

Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Juvia
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-7373 HIGH This Week

Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

OpenSSL Google Information Disclosure Android
NVD VulDB
CVSS 2.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy