Newest CVEs

Page 2 of 2595 129741 total

IDDescriptionSeverity
CVE-2016-10951The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.No Score
CVE-2016-10950The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.No Score
CVE-2016-10949The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.No Score
CVE-2016-10948The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.medium
CVE-2016-10947The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.medium
CVE-2016-10946The wp-d3 plugin before 2.4.1 for WordPress has CSRF.medium
CVE-2019-16277PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.No Score
CVE-2017-18615The kama-clic-counter plugin before 3.5.0 for WordPress has XSS.No Score
CVE-2017-18614The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.No Score
CVE-2017-18613The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.No Score
CVE-2017-18612The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter.No Score
CVE-2016-10945The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.No Score
CVE-2016-10944The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.medium
CVE-2016-10943The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.medium
CVE-2016-10942The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.high
CVE-2016-10941The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.medium
CVE-2016-10940The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.medium
CVE-2016-10939The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.medium
CVE-2016-10938The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.medium
CVE-2019-16275hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.low
CVE-2019-13534Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.No Score
CVE-2019-13530Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware.No Score
CVE-2019-8076Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.medium
CVE-2019-8070Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.high
CVE-2019-8069Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.high
CVE-2019-11899An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.medium
CVE-2019-11898Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.No Score
CVE-2019-14237On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution.No Score
CVE-2019-14236On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.No Score
CVE-2019-11774Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.No Score
CVE-2019-11773Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.medium
CVE-2019-6009Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.medium
CVE-2019-6007Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors.medium
CVE-2019-6005Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.No Score
CVE-2019-6004Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.No Score
CVE-2019-6003Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.No Score
CVE-2019-5996SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.medium
CVE-2019-5993Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.No Score
CVE-2019-5992Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.medium
CVE-2019-5991SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.medium
CVE-2019-5986Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.No Score
CVE-2019-5985Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.No Score
CVE-2019-5978Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.medium
CVE-2019-5977Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.medium
CVE-2019-5976Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.medium
CVE-2019-5975DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.low
CVE-2019-5956Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors.high
CVE-2019-3638Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.medium
CVE-2019-16238Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.medium
CVE-2019-16261Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.high

Page 2 of 2595 129741 total