Skip to main content
CVE-2015-4062 MEDIUM POC PATCH THREAT This Month

SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

WordPress SQLi PHP Newstatpress
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
10.3%
CVE-2015-4064 MEDIUM POC PATCH This Month

SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Landing Pages
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.4%
CVE-2015-4066 MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Gigpress
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.7%
CVE-2015-2666 MEDIUM PATCH This Month

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain. Rated medium severity (CVSS 6.9).

Linux Buffer Overflow Linux Kernel Fedora
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-9710 MEDIUM PATCH This Month

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL. Rated medium severity (CVSS 6.9).

Race Condition Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-3339 MEDIUM This Month

Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Race Condition Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 2.0
6.2
EPSS
0.0%
CVE-2015-3922 MEDIUM This Month

Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Open Redirect Coppermine Photo Gallery
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3332 MEDIUM This Month

A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash). Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Canonical Denial Of Service Google Linux Debian Linux +2
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-9715 MEDIUM This Month

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy