Skip to main content
CVE-2015-7241 CRITICAL POC THREAT Emergency

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.4%.

XXE SAP Netweaver
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
27.4%
Threat
4.3
CVE-2015-0853 HIGH POC This Week

svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Svn Workbench
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2015-5947 HIGH POC This Week

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Suitecrm
NVD GitHub
CVSS 3.1
8.1
EPSS
4.8%
CVE-2017-14164 HIGH POC PATCH This Week

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Openjpeg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2015-5948 HIGH POC PATCH This Week

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Race Condition Suitecrm
NVD GitHub
CVSS 3.0
8.1
EPSS
2.8%
CVE-2015-5959 CRITICAL PATCH Act Now

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Froxlor
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-3450 HIGH This Week

Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Libaxl
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-3163 MEDIUM POC This Month

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Beaker
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2015-3454 HIGH PATCH This Week

TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XSS Information Disclosure Vulcan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-2210 HIGH This Week

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Crs Retail Store
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7294 HIGH PATCH This Week

ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

LDAP Code Injection Ldapauth Fork
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2014-6438 HIGH PATCH This Week

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ruby
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2015-5705 HIGH PATCH This Week

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Devscripts Fedora
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-14166 MEDIUM PATCH This Month

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libarchive Debian Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2017-14165 MEDIUM PATCH This Month

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Graphicsmagick
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-8316 MEDIUM This Month

Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Lightdm
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2015-2943 MEDIUM This Month

Honda Moto LINC 1.6.1 does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Moto Linc
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-12476 MEDIUM PATCH This Month

The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-12475 MEDIUM PATCH This Month

The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-12474 MEDIUM PATCH This Month

The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-3162 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Beaker
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2015-7225 MEDIUM PATCH This Month

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Devise Two Factor
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2015-6250 MEDIUM PATCH This Month

simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Simple Php Captcha
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-5186 MEDIUM This Month

Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linux Audit
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-3161 MEDIUM PATCH This Month

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Beaker
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2015-3160 MEDIUM This Month

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Beaker
NVD
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy