Skip to main content
CVE-2015-1376 MEDIUM POC THREAT This Month

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

WordPress PHP Authentication Bypass Pixabay Images
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
70.5%
Threat
4.4
CVE-2015-1419 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.1%.

Authentication Bypass Opensuse Vsftpd
NVD
CVSS 2.0
5.0
EPSS
76.1%
Threat
4.8
CVE-2014-8917 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Social Media Analytics Financial Transaction Manager Financial Transaction Manager For Check Services +1
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy