Max CVSS | 7.8 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-12922 | 5.8 | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | 02-02-2023 - 19:52 | 13-09-2019 - 13:15 |
CVE-2020-14943 | 3.5 | The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. | 27-01-2023 - 16:32 | 22-06-2020 - 22:15 |
CVE-2014-5081 | 7.5 | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | 16-08-2021 - 18:11 | 10-01-2020 - 13:15 |
CVE-2020-10879 | 7.5 | rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | 21-07-2021 - 11:39 | 23-03-2020 - 22:15 |
CVE-2019-1010163 | 7.2 | Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The compo | 21-07-2021 - 11:39 | 24-07-2019 - 12:15 |
CVE-2018-12715 | 4.3 | DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. | 21-06-2021 - 18:30 | 03-07-2019 - 18:15 |
CVE-2019-1010136 | 7.8 | ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are availab | 24-08-2020 - 17:37 | 19-07-2019 - 16:15 |
CVE-2020-13426 | 4.3 | The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. | 26-06-2020 - 16:16 | 22-06-2020 - 18:15 |
CVE-2020-11457 | 3.5 | pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. | 06-04-2020 - 21:15 | 01-04-2020 - 16:15 |
CVE-2020-10218 | 4.0 | A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | 17-03-2020 - 20:59 | 13-03-2020 - 17:15 |
CVE-2011-4094 | 7.5 | Jara 1.6 has a SQL injection vulnerability. | 23-01-2020 - 21:34 | 21-01-2020 - 15:15 |
CVE-2014-2072 | 7.5 | Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | 17-01-2020 - 15:24 | 08-01-2020 - 16:15 |
CVE-2014-1860 | 7.5 | Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | 14-01-2020 - 15:19 | 08-01-2020 - 16:15 |
CVE-2015-9464 | 5.0 | The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | 15-10-2019 - 19:48 | 10-10-2019 - 16:15 |
CVE-2015-9480 | 5.0 | The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. | 15-10-2019 - 18:13 | 10-10-2019 - 17:15 |
CVE-2019-16532 | 5.8 | An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | 28-09-2019 - 23:26 | 26-09-2019 - 16:15 |
CVE-2019-16724 | 7.5 | File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. | 26-09-2019 - 13:15 | 24-09-2019 - 21:15 |
CVE-2019-13063 | 5.0 | Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote vic | 23-09-2019 - 18:48 | 23-09-2019 - 15:15 |
CVE-2016-10997 | 4.3 | The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. | 20-09-2019 - 17:59 | 20-09-2019 - 15:15 |
CVE-2016-10972 | 7.5 | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | 16-09-2019 - 20:54 | 16-09-2019 - 17:15 |
CVE-2017-18601 | 3.5 | The examapp plugin 1.0 for WordPress has XSS via exam input text fields. | 10-09-2019 - 20:23 | 10-09-2019 - 12:15 |
CVE-2017-18602 | 6.5 | The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. | 10-09-2019 - 20:23 | 10-09-2019 - 12:15 |
CVE-2019-14221 | 3.5 | 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. | 27-08-2019 - 14:50 | 08-08-2019 - 13:15 |
CVE-2019-14430 | 5.0 | plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | 26-08-2019 - 20:42 | 20-08-2019 - 14:15 |
CVE-2018-11227 | 4.3 | Monstra CMS 3.0.4 and earlier has XSS via index.php. | 08-07-2019 - 20:15 | 03-07-2019 - 16:15 |
CVE-2017-18346 | 7.5 | SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter. | 05-07-2019 - 18:49 | 03-07-2019 - 17:15 |