Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15713 | 1 My Calendar Project | 1 My Calendar | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-calendar plugin before 3.1.10 for WordPress has XSS. | |||||
| CVE-2016-10933 | 1 Portaudio Project | 1 Portaudio | 2019-08-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. | |||||
| CVE-2018-16257 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16259 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16258 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16256 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16255 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2019-8447 | 1 Atlassian | 1 Jira | 2019-08-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2015-9357 | 1 Automattic | 1 Akismet | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The akismet plugin before 3.1.5 for WordPress has XSS. | |||||
| CVE-2019-13189 | 1 Eng | 1 Knowage | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | |||||
| CVE-2019-9150 | 1 Mailvelope | 1 Mailvelope | 2019-08-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on a web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported. | |||||
| CVE-2018-16254 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2019-10057 | 1 Lexmark | 50 Cs31x, Cs31x Firmware, Cs41x and 47 more | 2019-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| Various Lexmark products have CSRF. | |||||
| CVE-2017-18591 | 1 Gdragon | 1 Gd Rating System | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. | |||||
| CVE-2019-15133 | 2 Canonical, Giflib Project | 2 Ubuntu Linux, Giflib | 2019-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. | |||||
| CVE-2018-18668 | 1 Gnuboard | 1 Gnuboard5 | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | |||||
| CVE-2015-9354 | 1 Tri.be | 1 Gigpress | 2019-08-29 | 3.5 LOW | 4.8 MEDIUM |
| The gigpress plugin before 2.3.11 for WordPress has XSS. | |||||
| CVE-2017-18579 | 1 Dwbooster | 1 Corner Ad | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The corner-ad plugin before 1.0.8 for WordPress has XSS. | |||||
| CVE-2016-10934 | 1 Check Email Project | 1 Check Email | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The check-email plugin before 0.5.2 for WordPress has XSS. | |||||
| CVE-2014-10382 | 1 Pippinsplugins | 1 Featured Comments | 2019-08-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. | |||||
| CVE-2014-10386 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | |||||
| CVE-2014-10394 | 1 Saschart | 1 Rich Counter | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | |||||
| CVE-2014-10391 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | |||||
| CVE-2014-10388 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. | |||||
| CVE-2018-1129 | 4 Ceph, Debian, Opensuse and 1 more | 10 Ceph, Debian Linux, Leap and 7 more | 2019-08-29 | 3.3 LOW | 6.5 MEDIUM |
| A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | |||||
| CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | |||||
| CVE-2014-10395 | 1 Codepeople | 1 Polls Cp | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. | |||||
| CVE-2015-9342 | 1 Impress | 1 Wp Rollback | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-rollback plugin before 1.2.3 for WordPress has XSS. | |||||
| CVE-2015-9349 | 1 Cksource | 1 Ckeditor | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. | |||||
| CVE-2015-9350 | 1 Slickremix | 1 Feed Them Social | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. | |||||
| CVE-2016-10936 | 1 Wp-polls Project | 1 Wp-polls | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. | |||||
| CVE-2015-9347 | 1 Plot | 1 Plotly | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. | |||||
| CVE-2015-9346 | 1 Codepeople | 1 Polls Cp | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cp-polls plugin before 1.0.5 for WordPress has XSS. | |||||
| CVE-2019-15314 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2019-08-28 | 3.5 LOW | 5.4 MEDIUM |
| tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | |||||
| CVE-2019-15501 | 1 Lsoft | 1 Listserv | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | |||||
| CVE-2019-13274 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | |||||
| CVE-2017-18590 | 1 Bestwebsoft | 1 Timesheet | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. | |||||
| CVE-2018-14008 | 1 Arista | 1 Eos | 2019-08-28 | 3.3 LOW | 6.5 MEDIUM |
| Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. | |||||
| CVE-2019-15644 | 1 Zoho | 1 Salesiq | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. | |||||
| CVE-2016-3145 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2019-08-28 | 2.1 LOW | 4.6 MEDIUM |
| Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. | |||||
| CVE-2018-21001 | 1 Bologer | 1 Anycomment | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The anycomment plugin before 0.0.33 for WordPress has XSS. | |||||
| CVE-2019-15479 | 1 Status Board Project | 1 Status Board | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via dashboard.ts. | |||||
| CVE-2019-15227 | 1 Getflightpath | 1 Flightpath | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions. | |||||
| CVE-2019-15643 | 1 Etoilewebdesign | 1 Ultimate Faq | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | |||||
| CVE-2017-18540 | 1 Deepsoft | 1 Weblibrarian | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes. | |||||
| CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-14672 | 1 Yandex | 1 Clickhouse | 2019-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. | |||||
| CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2019-08-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | |||||
| CVE-2019-5280 | 1 Huawei | 2 Cloudlink Phone 7900, Cloudlink Phone 7900 Firmware | 2019-08-27 | 5.8 MEDIUM | 6.5 MEDIUM |
| The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, causing the affected phones to register abnormally and affecting the availability of IP phones. | |||||
