Skip to main content
CVE-2015-4074 HIGH POC THREAT Act Now

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 85.8%.

Path Traversal Helpdesk Pro
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
85.8%
Threat
5.6
CVE-2017-8770 HIGH POC THREAT Act Now

There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.8%.

Information Disclosure Wifi Repeater Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
21.8%
CVE-2015-4075 HIGH POC THREAT Act Now

The Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.4%.

Information Disclosure Helpdesk Pro
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
17.4%
CVE-2017-7924 HIGH POC This Week

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell Information Disclosure 1763 L16Bwa Firmware 1763 L16Awa Firmware 1763 L16Bbb Firmware +1
NVD
CVSS 3.0
7.5
EPSS
10.0%
CVE-2015-5395 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Debian Linux Sogo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2015-5607 HIGH POC PATCH This Week

Cross-site request forgery in the REST API in IPython 2 and 3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Ipython Fedora
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14609 HIGH POC This Week

The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kannel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14339 HIGH POC This Week

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yadifa
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-14616 HIGH POC This Week

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Watchguard Fireware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-9231 HIGH POC This Week

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iterm2
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-5179 HIGH POC This Week

FreeIPA might display user data improperly via vectors involving non-printable characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeipa
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-1329 HIGH PATCH This Week

Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Ubuntu Use After Free RCE Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-9793 HIGH PATCH This Week

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
7.9%
CVE-2017-14607 HIGH PATCH This Week

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2017-9804 HIGH PATCH This Week

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Struts
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2017-14623 HIGH PATCH This Week

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password.e., a nil return value is interpreted as successful authorization) and (2) it is. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass LDAP
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2017-14617 HIGH This Week

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Poppler
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14610 HIGH This Week

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bareos
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-3890 HIGH This Week

Use-after-free vulnerability in Open Litespeed before 1.3.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Openlitespeed
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-9607 HIGH PATCH This Week

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2015-0162 HIGH This Week

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Privilege Escalation Security Siteprotector System
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy