Vulnerabilities (CVE)

127277 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-18585 1 Ivycat 1 Posts In Page 2019-08-23 5.5
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.
CVE-2019-4483 1 Ibm 1 Emptoris Spend Analysis 2019-08-23 7.5
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify...
CVE-2018-20986 2019-08-23 3.5
The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors.
CVE-2018-20987 1 Tribulant 1 Newsletters 2019-08-23 7.5
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
CVE-2019-15328 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
CVE-2019-15326 1 Codection 1 Import Users From Csv With Meta 2019-08-23 5.0
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
CVE-2019-15327 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
CVE-2019-15329 1 Codection 1 Import Users From Csv With Meta 2019-08-23 6.8
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
CVE-2019-14216 1 Wp Svg Icons Project 1 Wp Svg Icons 2019-08-23 6.8
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
CVE-2016-10903 1 Godaddy 1 Godaddy Email Marketing 2019-08-23 6.8
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
CVE-2017-18521 1 Wp-kama 1 Democracy Poll 2019-08-23 6.8
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
CVE-2017-18534 2019-08-23 4.3
The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters.
CVE-2019-4484 1 Ibm 2 Emptoris Sourcing, Emptoris Spend Analysis 2019-08-23 4.0
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generate an error message that includes sensitive information that could be used in further attacks...
CVE-2019-4481 1 Ibm 1 Emptoris Spend Analysis 2019-08-23 7.5
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify...
CVE-2019-4460 1 Ibm 1 Api Connect 2019-08-23 5.0
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on...
CVE-2019-4425 1 Ibm 2 Business Automation Workflow, Business Process Manager 2019-08-23 3.5
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.
CVE-2019-4419 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2019-08-23 6.4
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2019-11654 2019-08-23 N/A
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files.
CVE-2019-15535 2019-08-23 N/A
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
CVE-2019-15536 2019-08-23 N/A
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.