CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2016-10875 The wp-database-backup plugin before 4.3.1 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2016-10876 The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. | N/A | NONE | — | 0 |
| CVE-2016-10877 The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues. | N/A | NONE | — | 0 |
| CVE-2016-10879 The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. | N/A | NONE | — | 0 |
| CVE-2017-18506 The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. | N/A | NONE | — | 0 |
| CVE-2017-18508 The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2018-20965 The ultimate-member plugin before 2.0.4 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-14948 The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-14949 The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-14950 The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | N/A | NONE | — | 0 |
| CVE-2015-9303 The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. | N/A | NONE | — | 0 |
| CVE-2015-9304 The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | 6.1 | MEDIUM | — | 0 |
| CVE-2016-10872 The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | 6.1 | MEDIUM | — | 0 |
| CVE-2017-18499 The simple-membership plugin before 3.5.7 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2017-18500 The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. | N/A | NONE | — | 0 |
| CVE-2019-14945 The ultimate-member plugin before 2.0.54 for WordPress has XSS. | N/A | NONE | — | 0 |
| CVE-2019-14946 The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | N/A | NONE | — | 0 |
| CVE-2019-14947 The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | N/A | NONE | — | 0 |
| CVE-2019-14951 The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easi... | N/A | NONE | — | 0 |
| CVE-2019-12618 HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. | N/A | NONE | — | 0 |
| CVE-2019-13462 Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | N/A | NONE | — | 0 |
| CVE-2019-14965 An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists. | N/A | NONE | — | 0 |
| CVE-2019-14966 An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection. | N/A | NONE | — | 0 |
| CVE-2019-14967 An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. | N/A | NONE | — | 0 |
| CVE-2019-14968 An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. | N/A | NONE | — | 0 |
| CVE-2019-14969 Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to th... | N/A | NONE | — | 0 |
| CVE-2019-13417 Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activa... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-13418 Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. | 7.5 | HIGH | — | 0 |
| CVE-2019-14976 iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. | N/A | NONE | — | 0 |
| CVE-2019-14359 On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a part... | N/A | NONE | — | 0 |
| CVE-2019-14980 In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-14981 In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a cra... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-14982 In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash. | N/A | NONE | — | 0 |
| CVE-2019-14987 Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. | N/A | NONE | — | 0 |
| CVE-2017-18514 The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18509 An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop gen... | 7.8 | HIGH | — | 0 |
| CVE-2019-14516 The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. | N/A | NONE | — | 0 |
| CVE-2019-14530 An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. I... | 8.8 | HIGH | — | 0 |
| CVE-2019-13419 Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. | N/A | NONE | — | 0 |
| CVE-2019-13420 Search Guard versions before 21.0 had a timing side channel issue when using the internal user database. | 5.9 | MEDIUM | — | 0 |
| CVE-2019-5681 NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, den... | N/A | NONE | — | 0 |
| CVE-2019-8448 The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | N/A | NONE | — | 0 |
| CVE-2012-6713 The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. | N/A | NONE | — | 0 |
| CVE-2013-7475 The contact-form-plugin plugin before 3.52 for WordPress has XSS. | N/A | NONE | — | 0 |
| CVE-2015-9293 The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | N/A | NONE | — | 0 |
| CVE-2015-9294 The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | N/A | NONE | — | 0 |
| CVE-2015-9295 The contact-form-plugin plugin before 3.96 for WordPress has XSS. | N/A | NONE | — | 0 |
| CVE-2015-9296 The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. | N/A | NONE | — | 0 |
| CVE-2015-9297 The events-manager plugin before 5.6 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9298 The events-manager plugin before 5.6 for WordPress has code injection. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.