Skip to main content
CVE-2014-9311 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Shareaholic
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.4%
CVE-2015-0098 HIGH This Week

Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows Server 2008
NVD
CVSS 2.0
7.2
EPSS
0.8%
CVE-2015-2831 HIGH This Week

Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Das Watchdog
NVD GitHub
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-2114 MEDIUM This Month

HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Support Solution Framework
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-1653 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
4.3
EPSS
9.9%
CVE-2015-1640 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Project Server
NVD
CVSS 2.0
4.3
EPSS
9.0%
CVE-2015-1639 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 2.0
4.3
EPSS
6.9%
CVE-2015-3044 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +7
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2015-3040 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-0357 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Flash Player
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-0844 MEDIUM This Month

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Battle For Wesnoth Fedora
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-5032 MEDIUM This Month

GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3293 MEDIUM This Month

FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimail
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-1647 LOW PATCH Monitor

Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 8 1 Windows Server 2012
NVD
CVSS 2.0
2.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy