Skip to main content
CVE-2017-12611 CRITICAL POC PATCH THREAT Act Now

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.2%.

Apache Information Disclosure Struts
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
94.2%
Threat
6.3
CVE-2015-4074 HIGH POC THREAT Act Now

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 85.8%.

Path Traversal Helpdesk Pro
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
85.8%
Threat
5.6
CVE-2015-2826 MEDIUM POC THREAT This Month

WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.2%.

WordPress Information Disclosure Simple Ads Manager
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
43.2%
CVE-2017-8770 HIGH POC THREAT Act Now

There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.8%.

Information Disclosure Wifi Repeater Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
21.8%
CVE-2015-4073 CRITICAL POC THREAT Emergency

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

SQLi Helpdesk Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.2%
CVE-2015-4075 HIGH POC THREAT Act Now

The Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.4%.

Information Disclosure Helpdesk Pro
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
17.4%
CVE-2017-14596 CRITICAL POC Act Now

In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LDAP Code Injection Information Disclosure Joomla
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2017-7924 HIGH POC This Week

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell Information Disclosure 1763 L16Bwa Firmware 1763 L16Awa Firmware 1763 L16Bbb Firmware +1
NVD
CVSS 3.0
7.5
EPSS
10.0%
CVE-2015-5395 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Debian Linux Sogo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2015-5607 HIGH POC PATCH This Week

Cross-site request forgery in the REST API in IPython 2 and 3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Ipython Fedora
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14609 HIGH POC This Week

The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kannel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14339 HIGH POC This Week

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yadifa
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-14616 HIGH POC This Week

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Watchguard Fireware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-9231 HIGH POC This Week

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iterm2
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-5179 HIGH POC This Week

FreeIPA might display user data improperly via vectors involving non-printable characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeipa
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-14604 MEDIUM POC PATCH This Month

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nautilus Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
3.9%
CVE-2016-6795 CRITICAL PATCH Act Now

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Apache RCE Struts
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2017-14619 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-14615 MEDIUM POC This Month

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Watchguard Fireware
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-1866 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ember Js
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-9758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2015-6673 CRITICAL Act Now

Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Libpgf
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-8771 CRITICAL Act Now

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Repeater Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-8772 CRITICAL Act Now

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Repeater Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-4072 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helpdesk Pro
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.4%
CVE-2015-9232 MEDIUM POC This Month

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Good For Enterprise
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-14608 CRITICAL PATCH Act Now

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libraw
NVD GitHub
CVSS 3.0
9.1
EPSS
0.3%
CVE-2015-1329 HIGH PATCH This Week

Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Ubuntu Use After Free RCE Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-9793 HIGH PATCH This Week

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
7.9%
CVE-2017-14618 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmyfaq
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.6%
CVE-2015-7347 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zcms
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-14607 HIGH PATCH This Week

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2017-9804 HIGH PATCH This Week

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2017-14623 HIGH PATCH This Week

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password.e., a nil return value is interpreted as successful authorization) and (2) it is. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass LDAP
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2017-14617 HIGH This Week

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Poppler
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14610 HIGH This Week

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bareos
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-3890 HIGH This Week

Use-after-free vulnerability in Open Litespeed before 1.3.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Openlitespeed
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-9607 HIGH PATCH This Week

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2015-0162 HIGH This Week

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Privilege Escalation Security Siteprotector System
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-2927 MEDIUM This Month

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Node Js Uro Node Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-5248 MEDIUM This Month

Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Feedhenry Enterprise Mobile Application Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9645 MEDIUM This Month

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dmc 3000 Transmitter Firmware Ipam Transmitter F Dmc 2000 Firmware Rds 31 Itx Firmware Drm 1 2 Firmware +4
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2015-4707 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ipython
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2016-8738 MEDIUM PATCH This Month

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Struts
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2015-5608 MEDIUM This Month

Open redirect vulnerability in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-12168 MEDIUM PATCH This Month

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2017-14621 MEDIUM This Month

Portus 2.2.0 has XSS via the Team field, related to typeahead. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portus
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-1865 MEDIUM This Month

fts.c in coreutils 8.4 allows local users to delete arbitrary files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Coreutils
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2017-9649 MEDIUM This Month

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package),. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Dmc 3000 Firmware Ipam Transmitter F Dmc 2000 Firmware Telepole Ii Firmware Rds 31 Itx Firmware +3
NVD
CVSS 3.0
5.0
EPSS
0.1%
CVE-2015-8224 LOW Monitor

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure P8 Firmware
NVD
CVSS 3.0
3.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy