Skip to main content
CVE-2015-0235 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

Memory Corruption Buffer Overflow RCE Glibc Communications Application Session Controller +16
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
86.7%
Threat
6.1
CVE-2015-1376 MEDIUM POC THREAT This Month

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

WordPress PHP Authentication Bypass Pixabay Images
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
70.5%
Threat
4.4
CVE-2015-1419 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.1%.

Authentication Bypass Opensuse Vsftpd
NVD
CVSS 2.0
5.0
EPSS
76.1%
Threat
4.8
CVE-2015-1375 HIGH POC THREAT Act Now

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.8%.

WordPress Privilege Escalation PHP Pixabay Images
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
24.8%
CVE-2015-0312 CRITICAL PATCH Act Now

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Adobe RCE Microsoft Flash Player Flash Player Desktop Runtime
NVD
CVSS 2.0
9.3
EPSS
4.7%
CVE-2015-0586 HIGH This Week

The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2015-0581 HIGH This Week

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Denial Of Service Prime Service Catalog
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-8920 HIGH PATCH This Week

Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Buffer Overflow Microsoft I Access
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-8917 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Social Media Analytics Financial Transaction Manager Financial Transaction Manager For Check Services +1
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy