| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2017-18585 |
1 Ivycat |
1 Posts In Page |
2019-08-23 |
5.5 |
| The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. |
| CVE-2019-4483 |
1 Ibm |
1 Emptoris Spend Analysis |
2019-08-23 |
7.5 |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify... |
| CVE-2018-20986 |
|
|
2019-08-23 |
3.5 |
| The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors. |
| CVE-2018-20987 |
1 Tribulant |
1 Newsletters |
2019-08-23 |
7.5 |
| The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. |
| CVE-2019-15328 |
1 Codection |
1 Import Users From Csv With Meta |
2019-08-23 |
4.3 |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. |
| CVE-2019-15326 |
1 Codection |
1 Import Users From Csv With Meta |
2019-08-23 |
5.0 |
| The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. |
| CVE-2019-15327 |
1 Codection |
1 Import Users From Csv With Meta |
2019-08-23 |
4.3 |
| The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. |
| CVE-2019-15329 |
1 Codection |
1 Import Users From Csv With Meta |
2019-08-23 |
6.8 |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. |
| CVE-2019-14216 |
1 Wp Svg Icons Project |
1 Wp Svg Icons |
2019-08-23 |
6.8 |
| An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. |
| CVE-2016-10903 |
1 Godaddy |
1 Godaddy Email Marketing |
2019-08-23 |
6.8 |
| The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF. |
| CVE-2017-18521 |
1 Wp-kama |
1 Democracy Poll |
2019-08-23 |
6.8 |
| The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n. |
| CVE-2017-18534 |
|
|
2019-08-23 |
4.3 |
| The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters. |
| CVE-2019-4484 |
1 Ibm |
2 Emptoris Sourcing, Emptoris Spend Analysis |
2019-08-23 |
4.0 |
| IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks... |
| CVE-2019-4481 |
1 Ibm |
1 Emptoris Spend Analysis |
2019-08-23 |
7.5 |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify... |
| CVE-2019-4460 |
1 Ibm |
1 Api Connect |
2019-08-23 |
5.0 |
| IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on... |
| CVE-2019-4425 |
1 Ibm |
2 Business Automation Workflow, Business Process Manager |
2019-08-23 |
3.5 |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. |
| CVE-2019-4419 |
1 Ibm |
3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics |
2019-08-23 |
6.4 |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory... |
| CVE-2019-11654 |
|
|
2019-08-23 |
N/A |
| Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. |
| CVE-2019-15535 |
|
|
2019-08-23 |
N/A |
| Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. |
| CVE-2019-15536 |
|
|
2019-08-23 |
N/A |
| The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. |
