Skip to main content
CVE-2016-10073 HIGH POC PATCH THREAT Act Now

The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

PHP Information Disclosure Vanilla
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
53.6%
Threat
4.6
CVE-2015-5468 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.9%.

Path Traversal WordPress PHP Wp E Commerce Shop Styling
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
50.9%
Threat
4.5
CVE-2015-5469 HIGH POC THREAT Act Now

Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.1%.

Path Traversal WordPress PHP Mdc Youtube Downloader
NVD
CVSS 3.0
7.5
EPSS
49.1%
Threat
4.5
CVE-2017-8311 HIGH POC CISA Act Now

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Vlc Media Player
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
7.1%
Threat
5.3
CVE-2015-4704 HIGH POC This Week

Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Download Zip Attachments
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2017-2794 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Marklogic
NVD
CVSS 3.0
8.3
EPSS
1.0%
CVE-2017-2793 HIGH POC This Week

An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Marklogic
NVD
CVSS 3.0
8.3
EPSS
0.9%
CVE-2015-4046 HIGH POC PATCH This Week

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Command Injection Open Source Security Information Management
NVD
CVSS 3.0
7.2
EPSS
6.2%
CVE-2017-2783 HIGH POC This Week

An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Marklogic
NVD
CVSS 3.0
8.3
EPSS
0.6%
CVE-2017-2797 HIGH POC This Week

An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Marklogic
NVD
CVSS 3.0
8.3
EPSS
0.3%
CVE-2015-4054 HIGH POC PATCH This Week

PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Pgbouncer
NVD GitHub
CVSS 3.0
7.5
EPSS
3.4%
CVE-2016-5735 HIGH POC PATCH This Week

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Pngquant
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2015-5401 HIGH POC This Week

Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Teradata Express Teradata Gateway
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-9212 HIGH POC This Week

The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bluetooth Stack
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-5682 HIGH POC This Week

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Privilege Escalation Powerplay Gallery
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9842 HIGH PATCH Act Now

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1%.

Information Disclosure Zlib Leap Opensuse Debian Linux +15
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
12.1%
CVE-2016-9840 HIGH PATCH Act Now

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.0%.

Information Disclosure Boost Zlib Leap Opensuse +16
NVD GitHub
CVSS 3.1
8.8
EPSS
10.0%
CVE-2016-5177 HIGH This Week

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Google Use After Free Chrome +6
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-8913 HIGH This Week

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2017-8914 HIGH This Week

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js SAP Information Disclosure Hana Xs
NVD
CVSS 3.0
8.3
EPSS
0.5%
CVE-2015-6817 HIGH PATCH This Week

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Pgbouncer
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2015-5383 HIGH PATCH This Week

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2017-0374 HIGH PATCH This Week

lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Config Model
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1876 HIGH This Week

The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Solution Center
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-8089 HIGH This Week

The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Privilege Escalation P7 L09 Firmware P7 L05 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8309 HIGH PATCH This Week

Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qemu Debian Linux Openstack
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-8915 HIGH This Week

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Hana Xs
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-9182 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-9180 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-9181 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9154 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9190 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9189 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9179 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9178 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9177 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9176 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9175 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9174 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9159 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9158 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9157 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9156 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9155 HIGH This Week

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Autotrace
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-1529 HIGH PATCH This Week

Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Google Android
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-6586 HIGH This Week

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Wlan Acu2 Firmware Wlan Ac6005 Firmware Wlan Ac6605 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-0373 HIGH PATCH This Week

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Debian Information Disclosure Config Model
NVD
CVSS 3.0
7.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy