Skip to main content
CVE-2012-5849 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Clipbucket
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
6.5%
CVE-2015-1848 MEDIUM POC This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pacemaker Configuration System Enterprise Linux High Availability Enterprise Linux High Availability Eus Enterprise Linux Resilient Storage +1
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-3301 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Path Traversal WordPress PHP Thecartpress Ecommerce Shopping Cart
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
14.4%
CVE-2015-3300 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Thecartpress Ecommerce Shopping Cart
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.0%
CVE-2014-1900 MEDIUM POC PATCH This Month

Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ycb002 Firmware Ycb004 Firmware Ycw003 Firmware Ycb001 Firmware +14
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3986 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF WordPress PHP Thecartpress Ecommerce Shopping Cart
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.6%
CVE-2015-2716 HIGH This Week

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
7.5
EPSS
5.6%
CVE-2015-0797 MEDIUM PATCH This Month

A buffer over-read vulnerability exists in GStreamer's H.264 video decoding implementation that affects Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey on Linux systems. Remote attackers can trigger a denial of service (application crash) or potentially execute arbitrary code by crafting malicious H.264 video data within an m4v file. With an EPSS score of 7.61% (92nd percentile) and patches available from vendors, this vulnerability represents a moderate exploitation risk despite its CVSS 6.8 rating, indicating real-world prioritization is warranted for affected Linux deployments.

RCE Denial Of Service Mozilla
NVD
CVSS 2.0
6.8
EPSS
7.6%
CVE-2015-2712 HIGH This Week

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Opensuse
NVD
CVSS 2.0
7.5
EPSS
3.9%
CVE-2015-2708 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2015-2709 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +4
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-8162 HIGH This Week

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Network Satellite Manager
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-3427 HIGH This Week

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PostgreSQL Quassel Debian Linux
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-1902 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Ycb004 Firmware Ycb002 Firmware Yck002 Firmware Yck003 Firmware +14
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-2717 MEDIUM This Month

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-2710 MEDIUM This Month

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Thunderbird Firefox +5
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-3987 HIGH This Week

Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Epo Deep Command
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-2713 MEDIUM This Month

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2015-2715 MEDIUM This Month

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Denial Of Service Mozilla Buffer Overflow RCE +2
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2014-1901 MEDIUM This Month

Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Yceb03 Firmware Ycb004 Firmware Ycb002 Firmware Ycbl03 Firmware +14
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-3644 MEDIUM PATCH This Month

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Authentication Bypass Stunnel
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-3326 MEDIUM This Month

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Microsoft Scanmail
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0971 MEDIUM PATCH This Month

The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3983 MEDIUM This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pacemaker Configuration System
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2720 MEDIUM This Month

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain. Rated medium severity (CVSS 4.4). No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-2711 MEDIUM This Month

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3397 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Yiiframework
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2718 MEDIUM This Month

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-2714 LOW Monitor

Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google Firefox
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy