Skip to main content
CVE-2015-2826 MEDIUM POC THREAT This Month

WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.2%.

WordPress Information Disclosure Simple Ads Manager
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
43.2%
CVE-2017-14604 MEDIUM POC PATCH This Month

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nautilus Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
3.9%
CVE-2017-14619 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-14615 MEDIUM POC This Month

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Watchguard Fireware
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-1866 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ember Js
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-9758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2015-4072 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helpdesk Pro
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.4%
CVE-2015-9232 MEDIUM POC This Month

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Good For Enterprise
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-14618 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmyfaq
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.6%
CVE-2015-7347 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zcms
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-2927 MEDIUM This Month

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Node Js Uro Node Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-5248 MEDIUM This Month

Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Feedhenry Enterprise Mobile Application Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9645 MEDIUM This Month

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dmc 3000 Transmitter Firmware Ipam Transmitter F Dmc 2000 Firmware Rds 31 Itx Firmware Drm 1 2 Firmware +4
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2015-4707 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ipython
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2016-8738 MEDIUM PATCH This Month

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Struts
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2015-5608 MEDIUM This Month

Open redirect vulnerability in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-12168 MEDIUM PATCH This Month

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2017-14621 MEDIUM This Month

Portus 2.2.0 has XSS via the Team field, related to typeahead. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portus
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-1865 MEDIUM This Month

fts.c in coreutils 8.4 allows local users to delete arbitrary files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Coreutils
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2017-9649 MEDIUM This Month

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package),. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Dmc 3000 Firmware Ipam Transmitter F Dmc 2000 Firmware Telepole Ii Firmware Rds 31 Itx Firmware +3
NVD
CVSS 3.0
5.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy