Max CVSS 7.8 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-12922 5.8
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
02-02-2023 - 19:52 13-09-2019 - 13:15
CVE-2020-14943 3.5
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
27-01-2023 - 16:32 22-06-2020 - 22:15
CVE-2014-5081 7.5
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
16-08-2021 - 18:11 10-01-2020 - 13:15
CVE-2020-10879 7.5
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
21-07-2021 - 11:39 23-03-2020 - 22:15
CVE-2019-1010163 7.2
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The compo
21-07-2021 - 11:39 24-07-2019 - 12:15
CVE-2018-12715 4.3
DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.
21-06-2021 - 18:30 03-07-2019 - 18:15
CVE-2019-1010136 7.8
ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are availab
24-08-2020 - 17:37 19-07-2019 - 16:15
CVE-2020-13426 4.3
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
26-06-2020 - 16:16 22-06-2020 - 18:15
CVE-2020-11457 3.5
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
06-04-2020 - 21:15 01-04-2020 - 16:15
CVE-2020-10218 4.0
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
17-03-2020 - 20:59 13-03-2020 - 17:15
CVE-2011-4094 7.5
Jara 1.6 has a SQL injection vulnerability.
23-01-2020 - 21:34 21-01-2020 - 15:15
CVE-2014-2072 7.5
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks
17-01-2020 - 15:24 08-01-2020 - 16:15
CVE-2014-1860 7.5
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
14-01-2020 - 15:19 08-01-2020 - 16:15
CVE-2015-9464 5.0
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
15-10-2019 - 19:48 10-10-2019 - 16:15
CVE-2015-9480 5.0
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
15-10-2019 - 18:13 10-10-2019 - 17:15
CVE-2019-16532 5.8
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
28-09-2019 - 23:26 26-09-2019 - 16:15
CVE-2019-16724 7.5
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.
26-09-2019 - 13:15 24-09-2019 - 21:15
CVE-2019-13063 5.0
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote vic
23-09-2019 - 18:48 23-09-2019 - 15:15
CVE-2016-10997 4.3
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
20-09-2019 - 17:59 20-09-2019 - 15:15
CVE-2016-10972 7.5
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
16-09-2019 - 20:54 16-09-2019 - 17:15
CVE-2017-18601 3.5
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
10-09-2019 - 20:23 10-09-2019 - 12:15
CVE-2017-18602 6.5
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
10-09-2019 - 20:23 10-09-2019 - 12:15
CVE-2019-14221 3.5
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
27-08-2019 - 14:50 08-08-2019 - 13:15
CVE-2019-14430 5.0
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
26-08-2019 - 20:42 20-08-2019 - 14:15
CVE-2018-11227 4.3
Monstra CMS 3.0.4 and earlier has XSS via index.php.
08-07-2019 - 20:15 03-07-2019 - 16:15
CVE-2017-18346 7.5
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
05-07-2019 - 18:49 03-07-2019 - 17:15
Back to Top Mark selected
Back to Top