Skip to main content
CVE-2017-14322 CRITICAL POC THREAT Emergency

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.1%.

Authentication Bypass PHP Email Marketer
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
26.1%
Threat
4.2
CVE-2017-15579 CRITICAL POC Act Now

In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Melody
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-15595 HIGH POC PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Xen
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.5%
CVE-2014-3709 HIGH POC PATCH This Week

The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Keycloak
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-15578 HIGH POC This Week

In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Melody
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-7715 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Realtyna Property Listing
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-15359 MEDIUM POC THREAT This Month

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Path Traversal 3Cx
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
10.4%
CVE-2015-5739 CRITICAL PATCH Act Now

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Request Smuggling Information Disclosure Go Fedora Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
11.9%
CVE-2015-7714 HIGH POC This Week

Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla!. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Realtyna Property Listing
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
3.4%
CVE-2017-15600 HIGH POC This Week

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libextractor
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-15601 HIGH POC This Week

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libextractor
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-15602 HIGH POC This Week

In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libextractor
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-1239 MEDIUM POC This Month

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Openjpeg Pdfium Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2015-5740 CRITICAL PATCH Act Now

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Go Fedora Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2015-5376 CRITICAL Act Now

SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Winpat Portal
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14956 MEDIUM POC This Month

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Unified Security Management
NVD Exploit-DB
CVSS 3.0
5.7
EPSS
0.9%
CVE-2014-8491 MEDIUM POC This Month

The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Grand Flagallery
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2015-5227 HIGH This Week

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Wordpress Landing Pages
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2017-15592 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Information Disclosure Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15594 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-15590 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-8022 HIGH This Week

An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Denial Of Service Networker
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2015-2156 HIGH PATCH This Week

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Netty Play Framework
NVD GitHub
CVSS 3.0
7.5
EPSS
3.3%
CVE-2017-15587 HIGH This Week

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mupdf
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15588 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. Rated high severity (CVSS 7.8).

RCE Race Condition Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15572 HIGH PATCH This Week

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-15577 HIGH PATCH This Week

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-15576 HIGH PATCH This Week

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2014-3164 HIGH This Week

cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-5164 HIGH This Week

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Red Hat RCE Qpid
NVD
CVSS 3.0
7.2
EPSS
1.7%
CVE-2017-15575 HIGH PATCH This Week

In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Redmine Debian Linux
NVD
CVSS 3.0
7.3
EPSS
0.7%
CVE-2016-5714 HIGH This Week

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Puppet Enterprise Puppet Agent
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2014-7813 MEDIUM This Month

Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Cloudforms 3 0 Management Engine
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-15583 MEDIUM This Month

The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Fox515T Firmware
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-15589 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-15593 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-15591 MEDIUM PATCH This Month

An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-7943 MEDIUM This Month

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Drupal Jquery Update Labjs
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-15571 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-15570 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-15569 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15568 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15574 MEDIUM PATCH This Month

In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15573 MEDIUM PATCH This Month

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-10515 MEDIUM PATCH This Month

In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8024 MEDIUM PATCH This Month

EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Isilon Onefs
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-6961 MEDIUM PATCH This Month

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Web2Py
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15596 MEDIUM PATCH This Month

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Xen
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2014-7242 MEDIUM This Month

The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Sumaho Sumaho Driving Capability Diagnosis
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2014-3706 MEDIUM This Month

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD
CVSS 3.0
5.9
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy