Skip to main content
CVE-2015-7648 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.8%.

Adobe RCE Microsoft Flash Player
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
56.8%
Threat
5.2
CVE-2015-7647 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.8%.

Adobe RCE Microsoft Flash Player
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
56.8%
Threat
5.2
CVE-2015-6477 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.5%.

XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
32.5%
CVE-2015-7642 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Air Air Sdk +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-7641 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-7640 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-7639 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Air Air Sdk +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-7638 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-7637 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-7636 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-7635 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Air Air Sdk +2
NVD
CVSS 2.0
10.0
EPSS
7.4%
CVE-2015-6845 HIGH This Week

EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sourceone Email Supervisor
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-7033 MEDIUM This Month

The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Numbers +3
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2015-7034 MEDIUM This Month

The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iwork +1
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-7184 MEDIUM This Month

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-6846 MEDIUM This Month

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Sourceone Email Supervisor
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-5662 MEDIUM This Month

Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Avast Antivirus
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2015-6843 MEDIUM This Month

Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sourceone Email Supervisor
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-6482 MEDIUM This Month

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Codesys Runtime System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-7032 MEDIUM This Month

The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Numbers Iwork Pages +1
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-5444 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Smart Profile Server Data Analytics Layer
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6844 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Sourceone Email Supervisor
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-5661 MEDIUM This Month

The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Airdroid
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy