Skip to main content
CVE-2014-1812 HIGH POC KEV PATCH THREAT Act Now

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
83.1%
Threat
7.3
CVE-2013-4468 MEDIUM POC THREAT This Month

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.4%.

PHP Information Disclosure Vicidial
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
82.4%
Threat
5.3
CVE-2014-1815 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 40.2%.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
40.2%
Threat
4.6
CVE-2014-1806 CRITICAL POC THREAT Emergency

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.8%.

RCE Code Injection Microsoft Net Framework
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
26.8%
Threat
4.3
CVE-2014-1849 CRITICAL POC THREAT Emergency

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.1%.

Authentication Bypass Ip Camera Firmware
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
21.1%
Threat
4.1
CVE-2014-0525 CRITICAL Emergency

The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.3% and no vendor patch available.

Adobe Privilege Escalation RCE Microsoft Acrobat Reader +1
NVD
CVSS 2.0
10.0
EPSS
31.3%
CVE-2014-2046 CRITICAL POC THREAT Emergency

cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information. Rated critical severity (CVSS 9.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Broadcom Information Disclosure Pipa C211 Web Interface Pipa C211
NVD Exploit-DB
CVSS 2.0
9.7
EPSS
12.3%
CVE-2014-0310 CRITICAL Act Now

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
20.9%
CVE-2014-1756 CRITICAL Act Now

Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.1% and no vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 2.0
9.3
EPSS
20.1%
CVE-2014-0528 CRITICAL Act Now

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.8% and no vendor patch available.

Adobe RCE Microsoft Acrobat Reader Acrobat
NVD
CVSS 2.0
10.0
EPSS
14.8%
CVE-2014-0529 CRITICAL Act Now

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.8% and no vendor patch available.

Adobe Buffer Overflow RCE Microsoft Acrobat +1
NVD
CVSS 2.0
10.0
EPSS
14.8%
CVE-2014-0251 CRITICAL Act Now

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.6% and no vendor patch available.

RCE Code Injection Microsoft Office Web Apps Server Project Server +6
NVD
CVSS 2.0
9.0
EPSS
19.6%
CVE-2014-1813 HIGH Act Now

Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability.". Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 20.2% and no vendor patch available.

RCE Code Injection Microsoft Web Applications
NVD
CVSS 2.0
8.5
EPSS
20.2%
CVE-2014-0526 CRITICAL Act Now

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.5% and no vendor patch available.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +2
NVD
CVSS 2.0
10.0
EPSS
12.5%
CVE-2014-0256 MEDIUM This Month

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.9% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012
NVD
CVSS 2.0
5.0
EPSS
36.9%
CVE-2014-0255 MEDIUM This Month

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.9% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012
NVD
CVSS 2.0
5.0
EPSS
36.9%
CVE-2013-2226 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Glpi
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-0524 CRITICAL Act Now

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +2
NVD
CVSS 2.0
10.0
EPSS
8.3%
CVE-2014-0523 CRITICAL Act Now

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +2
NVD
CVSS 2.0
10.0
EPSS
8.3%
CVE-2014-0522 CRITICAL Act Now

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +2
NVD
CVSS 2.0
10.0
EPSS
8.3%
CVE-2014-1909 HIGH POC This Week

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Buffer Overflow Android Debug Bridge Android Sdk Platform Tools +1
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-0513 CRITICAL Act Now

Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Buffer Overflow RCE Illustrator
NVD
CVSS 2.0
10.0
EPSS
7.9%
CVE-2014-3443 MEDIUM POC THREAT This Month

JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service Buffer Overflow Jetaudio
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
15.3%
CVE-2014-0527 CRITICAL Act Now

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe RCE Microsoft Acrobat Acrobat Reader
NVD
CVSS 2.0
10.0
EPSS
6.7%
CVE-2013-3514 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.3%.

Path Traversal CSRF PHP Openx
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.3%
CVE-2014-3146 MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Lxml
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.3%
CVE-2014-2591 MEDIUM POC This Month

Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Information Disclosure Patrol Agent
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-7376 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF PHP Openx
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2700 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Wp125
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2405 CRITICAL Act Now

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Debian Ubuntu Openjdk
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2014-0462 CRITICAL Act Now

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Debian Ubuntu Openjdk
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2014-3441 MEDIUM POC This Month

codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Vlc Media Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.0%
CVE-2014-3225 MEDIUM POC PATCH This Month

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cobbler
NVD Exploit-DB GitHub
CVSS 2.0
4.0
EPSS
6.1%
CVE-2014-1603 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2014-1809 MEDIUM This Month

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 2.0
6.8
EPSS
10.0%
CVE-2013-1765 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Smart Flv
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.8%
CVE-2013-5939 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Guesbook Module
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3121 HIGH This Week

rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Rxvt Unicode
NVD
CVSS 2.0
7.6
EPSS
3.3%
CVE-2014-0521 MEDIUM This Month

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.3% and no vendor patch available.

Adobe Information Disclosure Microsoft Acrobat Reader Acrobat
NVD
CVSS 2.0
4.3
EPSS
18.3%
CVE-2014-0520 HIGH This Week

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Flash Player Adobe Air
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-0519 HIGH This Week

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Flash Player Adobe Air
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-0518 HIGH This Week

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Flash Player Adobe Air
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-0517 HIGH This Week

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Flash Player Adobe Air
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-1742 HIGH This Week

Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-1741 HIGH This Week

Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-1740 HIGH This Week

Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-1807 HIGH PATCH This Week

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
7.2
EPSS
3.1%
CVE-2014-0516 HIGH This Week

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Flash Player Adobe Air
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-3127 HIGH This Week

dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Debian Dpkg
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2014-1808 MEDIUM This Month

Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.7% and no vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 2.0
4.3
EPSS
14.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy