Skip to main content
CVE-2015-1427 CRITICAL POC KEV PATCH THREAT Act Now

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Elastic
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.3%
Threat
7.7
CVE-2014-8757 HIGH POC THREAT Act Now

LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Authentication Bypass On Screen Phone
NVD
CVSS 2.0
8.3
EPSS
10.8%
CVE-2015-1494 MEDIUM POC PATCH This Month

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Fancybox
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.6%
CVE-2015-1616 MEDIUM This Month

SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Data Loss Prevention Endpoint
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-0247 MEDIUM This Month

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow E2Fsprogs Debian Linux Ubuntu Linux +1
NVD
CVSS 2.0
4.6
EPSS
0.4%
CVE-2014-6194 MEDIUM PATCH This Month

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +9
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-8023 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Adaptive Security Appliance Software
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-1618 MEDIUM This Month

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Loss Prevention Endpoint
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-9466 MEDIUM This Month

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-1621 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Webform Prepopulate Block
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1619 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Email Gateway
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1617 LOW Monitor

Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Data Loss Prevention Endpoint
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6102 LOW PATCH Monitor

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Privilege Escalation Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +9
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy