Skip to main content
CVE-2015-4038 MEDIUM POC THREAT This Month

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

WordPress Privilege Escalation PHP Wpmembership
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
12.0%
CVE-2015-4104 HIGH This Week

Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
7.8
EPSS
8.4%
CVE-2015-0263 MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Java Apache Camel
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2015-0264 MEDIUM PATCH This Month

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Java Apache Camel
NVD
CVSS 2.0
5.0
EPSS
2.0%
CVE-2015-4105 MEDIUM This Month

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4103 MEDIUM This Month

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4106 MEDIUM This Month

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Qemu Debian Linux Fedora +5
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-9721 MEDIUM This Month

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Zeromq
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy