CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2015-9416 The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9417 The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9418 The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | 4.3 | MEDIUM | — | 0 |
| CVE-2015-9419 The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9420 The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9421 The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9443 The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9422 The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, P... | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9423 The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_... | 5.4 | MEDIUM | — | 0 |
| CVE-2015-9424 The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9425 The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2015-9426 The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. | 4.6 | MEDIUM | — | 0 |
| CVE-2015-9427 The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9428 The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, l... | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9429 The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9430 The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9449 The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | 7.2 | HIGH | — | 0 |
| CVE-2019-16899 In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | 7.5 | HIGH | — | 0 |
| CVE-2019-16900 Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | 7.5 | HIGH | — | 0 |
| CVE-2019-16901 Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | 7.5 | HIGH | — | 0 |
| CVE-2015-9431 The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9432 The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9433 The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-... | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9434 The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9435 The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | 9.8 | CRITICAL | — | 0 |
| CVE-2015-9444 The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9438 The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2015-9439 The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. | 4.8 | MEDIUM | — | 0 |
| CVE-2015-9440 The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9441 The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9442 The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-12393 Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. | 7.5 | HIGH | — | 0 |
| CVE-2015-9445 The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | 8.8 | HIGH | — | 0 |
| CVE-2015-9446 The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | 8.8 | HIGH | — | 0 |
| CVE-2015-9447 The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9448 The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | 8.8 | HIGH | — | 0 |
| CVE-2019-16903 Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-12617 In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | 2.7 | LOW | — | 0 |
| CVE-2019-14272 In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-14273 In SilverStripe assets 4.0, there is broken access control on files. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-14844 A flaw was found in Fedora versions of krb5 from 1.16.1 to, and including, 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user... | 7.5 | HIGH | — | 0 |
| CVE-2019-16904 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the cha... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16910 Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-6623 stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. | 8.8 | HIGH | — | 0 |
| CVE-2019-4378 IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authent... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-11782 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-0203 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to dis... | 7.5 | HIGH | — | 0 |
| CVE-2019-10082 In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | 9.1 | CRITICAL | — | 0 |
| CVE-2019-10092 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-10882 The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this ser... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.