Skip to main content
CVE-2012-5357 CRITICAL POC THREAT Emergency

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.6%.

RCE Ektron Content Management System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
82.6%
Threat
5.9
CVE-2017-7411 HIGH POC THREAT Act Now

An issue was discovered in Enalean Tuleap 9.6 and prior versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.9%.

RCE Code Injection Deserialization PHP Tuleap
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
73.9%
Threat
5.5
CVE-2015-0224 HIGH PATCH Act Now

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.0%.

Denial Of Service Apache Qpid
NVD
CVSS 3.0
7.5
EPSS
56.0%
CVE-2012-5358 CRITICAL POC Act Now

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ektron Content Management System
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-15921 HIGH POC This Week

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Anti Malware Online Security Pro
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
9.7%
CVE-2017-15920 HIGH POC This Week

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Anti Malware Online Security Pro
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
9.7%
CVE-2017-10151 CRITICAL PATCH Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8%.

Information Disclosure Oracle Identity Manager
NVD
CVSS 3.0
10.0
EPSS
13.8%
CVE-2014-0073 CRITICAL PATCH Act Now

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4%.

Apache Apple Privilege Escalation Cordova In App Browser Cordova
NVD GitHub
CVSS 3.0
9.8
EPSS
11.4%
CVE-2015-3249 CRITICAL Act Now

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Apache Traffic Server
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2013-4366 CRITICAL PATCH Act Now

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache Information Disclosure Httpclient
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2017-9377 HIGH PATCH This Week

A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Clickshare Csm 1 Firmware Clickshare Csc 1 Firmware
NVD
CVSS 3.0
8.8
EPSS
5.7%
CVE-2012-4449 CRITICAL PATCH Act Now

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Hadoop
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2014-3624 CRITICAL PATCH Act Now

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Traffic Server
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-16230 MEDIUM POC This Month

In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Typecho
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-15597 CRITICAL PATCH Act Now

An issue was discovered in Xen through 4.9.x. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Privilege Escalation Xen
NVD
CVSS 3.0
9.1
EPSS
1.5%
CVE-2016-3090 HIGH PATCH This Week

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Struts
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2013-4246 HIGH PATCH This Week

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Apache Subversion
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2015-0226 HIGH PATCH This Week

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Wss4J
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2012-0881 HIGH PATCH This Week

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Apache Xerces2 Java
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-9450 HIGH This Week

The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Amazon Web Services Cloudformation Bootstrap Bootstrap
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2014-0072 HIGH PATCH This Week

ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Apache Information Disclosure Cordova File Transfer Cordova
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-14919 HIGH This Week

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD VulDB
CVSS 3.0
7.5
EPSS
0.8%
CVE-2014-0115 HIGH PATCH This Week

Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Apache Storm
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2014-3526 HIGH PATCH This Week

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Wicket
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2012-5636 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Wicket
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2015-7549 MEDIUM This Month

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2017-1000255 MEDIUM This Month

On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-12460 MEDIUM This Month

An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Clickshare Csm 1 Firmware Clickshare Csc 1 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-15888 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Audio Station
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy