Skip to main content
CVE-2013-3664 CRITICAL POC THREAT Emergency

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.6%.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
16.6%
CVE-2013-3662 CRITICAL POC THREAT Emergency

Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.9%.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
15.9%
CVE-2013-7388 CRITICAL POC Act Now

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
8.0%
CVE-2014-1377 CRITICAL POC Act Now

Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1376 CRITICAL POC Act Now

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation RCE Intel Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1373 CRITICAL POC Act Now

Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation RCE Intel Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-1379 CRITICAL POC Act Now

Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2014-1358 CRITICAL Act Now

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Mac Os X Iphone Os Tvos
NVD
CVSS 2.0
10.0
EPSS
3.2%
CVE-2014-1357 CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE Tvos Iphone Os +1
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2014-1356 CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE Mac Os X Iphone Os +1
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2014-1359 CRITICAL Act Now

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Tvos Iphone Os Mac Os X
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-1381 CRITICAL Act Now

Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Privilege Escalation RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-1372 MEDIUM POC This Month

Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-4513 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Activehelper Livehelp Live Chat
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2014-3492 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Foreman
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3491 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Foreman
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4569 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Videowhisper Live Streaming Integration
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4520 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Dmca Watermarker
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3494 MEDIUM POC This Month

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Opensuse Kdelibs
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4602 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Xen Carousel
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4585 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Facethumb
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4584 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Easybooking
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4583 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Contact Sidebar Widget
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4575 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wikipop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4564 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Validated Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4556 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Swipe Checkout For Eshop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4545 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Pro Quoter
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4538 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Malware Finder
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4533 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Geo Redirector
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4528 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Fbpromotions
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4521 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Dsidxpress Idx Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4518 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Contactme
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4516 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bic Media Widget
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4515 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Anyfont
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1371 HIGH This Week

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-2512 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Documentum Eroom
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-1382 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-1325 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-1340 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-1370 MEDIUM This Month

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1368 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1367 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1366 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1365 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1364 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1363 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1362 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1349 MEDIUM This Month

Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2014-1354 MEDIUM This Month

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1383 MEDIUM This Month

Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Tvos
NVD
CVSS 2.0
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy