Vulnerabilities (CVE)

Filter

127277 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-18581 2019-08-23 4.3
The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.
CVE-2016-10924 2019-08-23 5.0
The ebook-download plugin before 1.2 for WordPress has directory traversal.
CVE-2016-10923 2019-08-23 7.5
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
CVE-2008-7321 2019-08-23 4.3
The tubepress plugin before 1.6.5 for WordPress has XSS.
CVE-2017-18580 2019-08-23 7.5
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
CVE-2017-18564 1 Bestwebsoft 1 Sender 2019-08-23 4.3
The sender plugin before 1.2.1 for WordPress has multiple XSS issues.
CVE-2017-18563 1 Swimordiesoftware 1 Rsvp 2019-08-23 4.3
The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.
CVE-2015-9327 2019-08-23 4.3
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.
CVE-2019-4482 1 Ibm 1 Emptoris Spend Analysis 2019-08-23 3.5
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2019-4437 1 Ibm 1 Api Connect 2019-08-23 5.0
IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.
CVE-2019-4338 1 Ibm 1 Security Guardium Big Data Intelligence 2019-08-23 5.0
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.
CVE-2019-4420 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2019-08-23 2.1
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
CVE-2019-4167 1 Ibm 1 Storediq 2019-08-23 4.3
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
CVE-2019-4120 1 Ibm 1 Cloud Private 2019-08-23 3.5
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2016-10929 2019-08-23 5.0
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
CVE-2015-9333 2019-08-23 7.5
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
CVE-2017-18570 2019-08-23 7.5
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
CVE-2014-10392 2019-08-23 4.3
The cforms2 plugin before 10.2 for WordPress has XSS.
CVE-2014-10393 2019-08-23 4.3
The cforms2 plugin before 10.5 for WordPress has XSS.
CVE-2017-18578 1 Crafty Social Buttons Project 1 Crafty Social Buttons 2019-08-23 4.3
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.