Skip to main content
CVE-2014-3931 CRITICAL POC KEV THREAT Emergency

fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
35.6%
Threat
6.0
CVE-2015-4624 HIGH POC THREAT Act Now

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and EPSS exploitation probability 47.6%.

CSRF Authentication Bypass Wi Fi Pineapple Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
47.6%
Threat
4.4
CVE-2016-6561 HIGH POC PATCH This Week

illumos smbsrv NULL pointer dereference allows system crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Illumos
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-2775 HIGH POC This Week

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Labview
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2014-5008 CRITICAL PATCH Act Now

Snoopy allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Snoopy Openstack Debian Linux
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2014-5009 CRITICAL PATCH Act Now

Snoopy allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Snoopy Openstack Nagios
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2017-3010 CRITICAL Act Now

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-7359 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7363 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7362 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7361 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7360 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7309 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
4.8
EPSS
2.5%
CVE-2016-6111 CRITICAL PATCH Act Now

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Curam Social Program Management
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2017-7241 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
4.8
EPSS
0.8%
CVE-2017-6973 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2016-8917 HIGH PATCH This Week

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-6560 HIGH PATCH This Week

illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Illumos
NVD GitHub
CVSS 3.0
8.6
EPSS
0.5%
CVE-2016-9707 HIGH PATCH This Week

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Rational Rhapsody Design Manager Rational Quality Manager +5
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-3009 HIGH This Week

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-7374 HIGH PATCH This Week

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9114 HIGH PATCH This Week

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Opensuse Fedora Util Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-2647 HIGH PATCH This Week

The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8032 HIGH PATCH This Week

Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Intel Authentication Bypass Anti Malware Scan Engine
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-1154 MEDIUM PATCH This Month

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Algo One
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-6209 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nagios. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nagios
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9990 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9319 MEDIUM PATCH This Month

There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Trend Micro Information Disclosure Mobile Security
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-8935 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6036 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6031 MEDIUM PATCH This Month

IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6022 MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1171 MEDIUM PATCH This Month

The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy