Skip to main content
CVE-2014-8586 HIGH POC THREAT Act Now

SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.0%.

WordPress SQLi Cp Multi View Event Calendar
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.0%
Threat
5.3
CVE-2014-7176 MEDIUM POC THREAT This Month

SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%.

SQLi Tuleap
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
13.8%
CVE-2014-0222 HIGH POC PATCH This Week

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Enterprise Server Qemu
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-8339 HIGH POC This Week

SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nuevoplayer Clipshare
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-2718 HIGH POC This Week

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Tm Ac1900 Rt Series Firmware
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2013-7057 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Securetransport
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-8473 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cloud Service Management
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4311 MEDIUM POC This Month

Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Epicor Enterprise
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-5387 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[]. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Expressionengine
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-7875 CRITICAL Act Now

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Laserjet Cm3530 Multifunction Printer Firmware
NVD
CVSS 2.0
9.0
EPSS
2.2%
CVE-2014-8591 MEDIUM POC This Month

Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-8585 MEDIUM POC This Month

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Download Manager
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-0223 MEDIUM POC PATCH This Month

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Server Qemu
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-4539 HIGH PATCH This Week

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-8593 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Allomani Weblinks
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4527 HIGH PATCH This Week

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-4149 HIGH PATCH This Week

Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-4540 HIGH PATCH This Week

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu Opensuse
NVD
CVSS 2.0
7.5
EPSS
3.8%
CVE-2014-0182 HIGH PATCH This Week

Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
3.5%
CVE-2013-4148 HIGH PATCH This Week

Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
3.1%
CVE-2013-4538 HIGH PATCH This Week

Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2013-4526 HIGH PATCH This Week

Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2013-4150 HIGH PATCH This Week

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2013-4530 HIGH PATCH This Week

Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2013-4529 HIGH PATCH This Week

Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-4542 HIGH PATCH This Week

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-4534 HIGH PATCH This Week

Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-4533 HIGH PATCH This Week

Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-4531 HIGH PATCH This Week

Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-4537 HIGH PATCH This Week

The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Qemu
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2013-4541 HIGH PATCH This Week

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-6399 HIGH PATCH This Week

Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Qemu
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-4151 HIGH PATCH This Week

The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Buffer Overflow Code Injection Qemu
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2014-8474 HIGH PATCH This Week

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Cloud Service Management
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-8587 HIGH This Week

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Commoncryptolib Sapcryptolib Sapseculib +2
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-8588 HIGH This Week

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Hana
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3461 MEDIUM This Month

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-8472 MEDIUM PATCH This Month

CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Cloud Service Management
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3660 MEDIUM PATCH This Month

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libxml2 Mac Os X Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
4.3%
CVE-2014-6130 MEDIUM This Month

The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Google Information Disclosure Notes Traveler
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2014-8592 MEDIUM This Month

Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-8589 MEDIUM This Month

Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Network Interface Router
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8590 MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java Netweaver Java Application Server
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-8584 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Web Dorado Spider Video Player
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-8471 MEDIUM PATCH This Month

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Cloud Service Management
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4974 LOW Monitor

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Eset Information Disclosure Personal Firewall Ndis Filter
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy