CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 8 hours ago•3 views

ROOT-OS-DEBIAN-12-CVE-2017-0630 CVE-2017-0630 in rootio-linux - Patched by Root

Root has patched CVE-2017-0630 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

4.7CVSS8.3AI score0.00302EPSS

OSV•added 8 hours ago•3 views

ROOT-OS-DEBIAN-12-CVE-2017-13694 CVE-2017-13694 in rootio-linux - Patched by Root

Root has patched CVE-2017-13694 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS8.1AI score0.00122EPSS

OSV•added 9 hours ago•3 views

ROOT-OS-DEBIAN-11-CVE-2017-13693 CVE-2017-13693 in rootio-linux - Patched by Root

Root has patched CVE-2017-13693 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS8.2AI score0.00089EPSS

Nuclei•added 9 hours ago•25 views

WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution

Shortcodes Ultimate plugin before 5.0.1 for WordPress contains a remote code execution caused by a filter in meta, post, or user shortcode, letting remote attackers execute arbitrary code, exploit requires sending crafted shortcode data. id: CVE-2017-18580 info: name: WordPress Shortcodes Ultimat...

9.8CVSS8.7AI score0.70003EPSS

6.1CVSS6.3AI score0.00059EPSS

Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting

The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18517 info: name: Pinterest by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues...

7.5CVSS7.5AI score0.90232EPSS

Node.js <8.6.0 - Directory Traversal

Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules. id: CVE-2017-14849 info: name: Node.js 8.6.0 - Directory Traversal author: RandomRobbie severity: high...

Exploits2References5

Nuclei•added 9 hours ago•14 views

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS8.2AI score0.04301EPSS

Exploits1References2

Nuclei•added 9 hours ago•15 views

WordPress Mailster <=1.5.4 - Cross-Site Scripting

WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. id: CVE-2017-17451 info: name: WordPress Mailster =1.5.5 which includes a fix for this vulnerability. reference: -...

6.1CVSS6AI score0.14343EPSS

Exploits0References5

6.1CVSS6.1AI score0.00367EPSS

WordPress Qards - Cross-Site Scripting

WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. id: CVE-2017-18598 info: name: WordPress Qards - Cross-Site Scripting author: pussycat0x severity: medium description: WordPress Qards...

Exploits2References5

Nuclei•added 9 hours ago•13 views

KMCIS CaseAware - Cross-Site Scripting

KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. id: CVE-2017-5631 info: name: KMCIS CaseAware - Cross-Site Scripting author: edoardottt severity: medium description: KMCIS CaseAware contains a reflected...

6.1CVSS6.1AI score0.2527EPSS

Exploits5References5

Nuclei•added 9 hours ago•72 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.3AI score0.09727EPSS

Exploits0References5

Nuclei•added 9 hours ago•24 views

SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.3AI score0.00059EPSS

Nuclei•added 9 hours ago•113 views

Odoo <= 8.0-20160726 & 9.0 - Open Redirect

An Open Redirect vulnerability in Odoo versions = 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL. id: CVE-2017-5871 info: name: Odoo = 8.0-20160726 & 9.0 - Open Redirect author: 1337rokudenashi severity: medium description: | An Open...

5.8CVSS5.9AI score0.02676EPSS

Exploits1References2

Nuclei•added 9 hours ago•22 views

AdPush < 1.44 - Cross-Site Scripting

The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multiple XSS issues. id: CVE-2017-18487 info: name: AdPush 1.44 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multip...

6.1CVSS6.2AI score0.00271EPSS

Nuclei•added 9 hours ago•30 views

OpenVPN Access Server 2.1.4 - CRLF Injection

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/. id:...

6.1CVSS6.5AI score0.08462EPSS

Exploits3References3

Nuclei•added 9 hours ago•48 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.6AI score0.0869EPSS

Exploits5References2

6.1CVSS6.4AI score0.02943EPSS

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. id: CVE-2017-3132 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddh...

Exploits5References2

Nuclei•added 9 hours ago•10 views

Intelbras WRN 150 - Authentication Bypass

Intelbras WRN 150 router is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication and download the router configuration file by manipulating the admin:language cookie. id: CVE-2017-14942 info: name: Intelbras WRN 150 - Authentication Bypass author:...

9.8CVSS7.2AI score0.01009EPSS

Exploits1References2

Nuclei•added 9 hours ago•16 views

PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting

The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18529 info: name: PromoBar by BestWebSoft 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.2AI score0.00059EPSS