Skip to main content
CVE-2014-0997 HIGH POC THREAT Act Now

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%.

Denial Of Service Google Samsung Android
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.3%
CVE-2017-14703 CRITICAL POC Act Now

SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cash Back Comparison
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-14704 HIGH POC This Week

Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Airbnb Clone
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-14743 HIGH POC This Week

Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Fsc 880 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-13129 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zktime Web
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-14749 HIGH POC This Week

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Jerryscript
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-7974 CRITICAL Act Now

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Schneider Electric RCE U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2015-7670 CRITICAL Act Now

Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP Support Ticket System
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-9957 CRITICAL Act Now

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-7390 CRITICAL Act Now

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Testlink
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-7973 CRITICAL Act Now

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-8707 CRITICAL Act Now

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Magento
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14001 HIGH This Week

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Asterisk Gui
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2017-5200 HIGH PATCH This Week

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2014-8170 HIGH This Week

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ovirt Node
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-1539 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-5192 HIGH PATCH This Week

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-7969 HIGH PATCH This Week

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Schneider Electric Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1527 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-14745 HIGH PATCH This Week

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-9961 HIGH This Week

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric Pro Face Gp Pro Ex
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-8156 HIGH This Week

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Debian Ubuntu Privilege Escalation +4
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9958 HIGH This Week

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14739 HIGH PATCH This Week

The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9962 HIGH This Week

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Clearscada
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-9956 HIGH This Week

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-14602 HIGH PATCH This Week

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Citrix Authentication Bypass Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-12154 HIGH PATCH This Week

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.1
EPSS
0.0%
CVE-2014-8889 MEDIUM This Month

Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Dropbox Sdk
NVD
CVSS 3.0
5.3
EPSS
8.3%
CVE-2017-14741 MEDIUM PATCH This Month

The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-7971 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7970 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-14744 MEDIUM This Month

UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ueditor
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14751 MEDIUM This Month

The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Jobs
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7391 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Testlink
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-0874 MEDIUM This Month

Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Smart Passbook
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-7972 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1000252 MEDIUM PATCH This Month

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9959 MEDIUM This Month

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric U Motion Builder
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-14737 MEDIUM This Month

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Botan Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-1531 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1530 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1425 MEDIUM This Month

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14748 MEDIUM This Month

Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Overwatch
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-9960 MEDIUM This Month

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-3248 MEDIUM This Month

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Openhpi
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2015-5069 MEDIUM PATCH This Month

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Battle For Wesnoth Fedora
NVD GitHub
CVSS 3.0
4.3
EPSS
0.7%
CVE-2015-0238 LOW Monitor

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2015-5070 LOW PATCH Monitor

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Battle For Wesnoth Fedora
NVD GitHub
CVSS 3.0
3.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy