Skip to main content
CVE-2015-0853 HIGH POC This Week

svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Svn Workbench
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2015-5947 HIGH POC This Week

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Suitecrm
NVD GitHub
CVSS 3.1
8.1
EPSS
4.8%
CVE-2017-14164 HIGH POC PATCH This Week

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Openjpeg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2015-5948 HIGH POC PATCH This Week

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Race Condition Suitecrm
NVD GitHub
CVSS 3.0
8.1
EPSS
2.8%
CVE-2015-3450 HIGH This Week

Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Libaxl
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-3454 HIGH PATCH This Week

TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XSS Information Disclosure Vulcan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-2210 HIGH This Week

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Crs Retail Store
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7294 HIGH PATCH This Week

ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

LDAP Code Injection Ldapauth Fork
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2014-6438 HIGH PATCH This Week

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ruby
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2015-5705 HIGH PATCH This Week

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Devscripts Fedora
NVD
CVSS 3.0
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy