VYPR

CVEs

31,185 total · page 477 of 624

  • CVE-2019-15320CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.

  • CVE-2019-15319CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.

  • CVE-2018-20985CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.08

    The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.

  • CVE-2018-20984CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.

  • CVE-2017-18583CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.

  • CVE-2017-18580CriAug 22, 2019
    risk 0.65cvss 9.8epss 0.12

    The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.

  • CVE-2016-10927CriAug 22, 2019
    risk 0.65cvss 10.0epss 0.02

    The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

  • CVE-2016-10926CriAug 22, 2019
    risk 0.65cvss 10.0epss 0.02

    The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

  • CVE-2016-10923CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.

  • CVE-2016-10922CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.

  • CVE-2014-10384CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.

  • CVE-2014-10383CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.03

    The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.

  • CVE-2019-15318CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.

  • CVE-2018-20981CriAug 22, 2019
    risk 0.59cvss 9.1epss 0.02

    The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.

  • CVE-2018-20979CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.

  • CVE-2017-18573CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.

  • CVE-2017-18571CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.

  • CVE-2017-18570CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.

  • CVE-2016-10921CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.

  • CVE-2016-10917CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.

  • CVE-2016-10916CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.

  • CVE-2015-9335CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.

  • CVE-2015-9333CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The cforms2 plugin before 14.6.10 for WordPress has SQL injection.

  • CVE-2019-6177CriAug 21, 2019
    risk 0.64cvss 9.8epss 0.01

    A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that…

  • CVE-2019-10687CriAug 21, 2019
    risk 0.64cvss 9.8epss 0.03

    KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.

  • CVE-2019-1974CriAug 21, 2019
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an…

  • CVE-2019-1938CriAug 21, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The…

  • CVE-2019-1937CriAug 21, 2019
    risk 0.73cvss 9.8epss 0.76

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator…

  • CVE-2019-1935CriAug 21, 2019
    risk 0.73cvss 9.8epss 0.83

    A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which…

  • CVE-2019-15074CriAug 21, 2019
    risk 0.56cvss 9.6epss 0.02

    The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user…

  • CVE-2014-10379CriAug 21, 2019
    risk 0.64cvss 9.8epss 0.02

    The duplicate-post plugin before 2.6 for WordPress has SQL injection.

  • CVE-2019-15111CriAug 21, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.

  • CVE-2016-10909CriAug 21, 2019
    risk 0.64cvss 9.8epss 0.02

    The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.

  • CVE-2019-5035CriAug 20, 2019
    risk 0.59cvss 9.0epss 0.00

    An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device…

  • CVE-2019-8100CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-8098CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-8061CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8060CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead…

  • CVE-2019-8055CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8050CriAug 20, 2019
    risk 0.70cvss 9.8epss 0.41

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to…

  • CVE-2019-6143CriAug 20, 2019
    risk 0.59cvss 9.1epss 0.01

    Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW…

  • CVE-2019-8049CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.20

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to…

  • CVE-2019-8048CriAug 20, 2019
    risk 0.70cvss 9.8epss 0.35

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a buffer error vulnerability. Successful exploitation could lead to…

  • CVE-2019-8047CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8046CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.18

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to…

  • CVE-2019-8045CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.16

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful…

  • CVE-2019-8044CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.14

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability. Successful exploitation could lead to…

  • CVE-2019-8042CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.17

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to…

  • CVE-2019-8041CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.18

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to…

  • CVE-2019-8036CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…