Skip to main content
CVE-2017-14947 HIGH POC This Week

Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Gsview
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-14946 HIGH POC This Week

Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Gsview
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14945 HIGH POC This Week

Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Gsview
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-13982 HIGH This Week

A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Bsm Platform Application Performance Management System Health
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-9233 HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF PHP Cp Contact Form With Paypal
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-13989 HIGH This Week

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-14924 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-14925 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2016-4434 HIGH PATCH This Week

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

XXE Apache Tika
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-13684 HIGH This Week

Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mcp Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14935 HIGH PATCH This Week

Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti Information Disclosure Pulse One On Premise
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14944 HIGH This Week

Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Proget
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-14929 HIGH This Week

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Poppler
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-9234 HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Cp Contact Form With Paypal
NVD
CVSS 3.0
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy