Skip to main content
CVE-2015-3253 CRITICAL PATCH Act Now

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 69.7%.

RCE Denial Of Service Java Apache Groovy +5
NVD
CVSS 3.0
9.8
EPSS
69.7%
Threat
4.1
CVE-2015-4666 MEDIUM POC THREAT This Month

Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Path Traversal PHP Xsuite
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
16.4%
CVE-2015-5536 CRITICAL PATCH Act Now

Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request;. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation N300 Dual Band Wi Fi Range Extender Firmware
NVD
CVSS 2.0
9.0
EPSS
3.4%
CVE-2015-5474 CRITICAL Act Now

BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Bittorrent Utorrent
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-4665 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Xsuite
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.4%
CVE-2015-5685 HIGH This Week

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Bootstrap Dht Bootstrap
NVD GitHub
CVSS 2.0
7.5
EPSS
6.6%
CVE-2015-2321 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Job Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.5%
CVE-2015-5535 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Qtranslate
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy