Skip to main content
CVE-2017-12798 MEDIUM POC This Month

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nexusphp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6812 MEDIUM PATCH This Month

The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Cxf
NVD
CVSS 3.0
6.1
EPSS
8.6%
CVE-2017-3753 MEDIUM This Month

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Lenovo Ideacentre 300 20Ish Firmware Ideacentre 300S 11Ish Firmware +109
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-0762 MEDIUM PATCH This Month

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Tomcat Apache Information Disclosure Ubuntu Linux Debian Linux +12
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2014-0146 MEDIUM This Month

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-0142 MEDIUM This Month

QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1168 MEDIUM PATCH This Month

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1431 MEDIUM PATCH This Month

IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Streams
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6794 MEDIUM PATCH This Month

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass Apache Debian Linux Jboss Enterprise Web Server +11
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2017-7737 MEDIUM This Month

An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiweb
NVD
CVSS 3.0
4.9
EPSS
0.4%
CVE-2017-1377 MEDIUM This Month

IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Runbook Automation
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy