Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75140 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2024-11-21 | 7.2 High |
| The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | ||||
| CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2024-11-21 | 8.8 High |
| The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | ||||
| CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 8.8 High |
| The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | ||||
| CVE-2015-9445 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 8.8 High |
| The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | ||||
| CVE-2015-9415 | 1 Angrycreative | 1 Bj Lazy Load | 2024-11-21 | 7.5 High |
| The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | ||||
| CVE-2015-9406 | 1 Mtheme-unus Project | 1 Mtheme-unus | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | ||||
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | ||||
| CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2024-11-21 | 8.8 High |
| The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | ||||
| CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2024-11-21 | 7.2 High |
| The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | ||||
| CVE-2015-9398 | 1 Webmaster-source | 1 Gocodes | 2024-11-21 | 8.8 High |
| The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | ||||
| CVE-2015-9395 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | ||||
| CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | ||||
| CVE-2015-9353 | 1 Tri | 1 Gigpress | 2024-11-21 | 7.2 High |
| The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. | ||||
| CVE-2015-9284 | 1 Omniauth | 1 Omniauth | 2024-11-21 | 8.8 High |
| The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. | ||||
| CVE-2015-9268 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 7.8 High |
| Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. | ||||
| CVE-2015-9239 | 1 Ansi2html Project | 1 Ansi2html | 2024-11-21 | 7.5 High |
| ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | ||||
| CVE-2015-8851 | 2 Node-uuid Project, Redhat | 2 Node-uuid, Openshift | 2024-11-21 | 7.5 High |
| node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. | ||||
| CVE-2015-8751 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 8.8 High |
| Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | ||||
| CVE-2015-8549 | 1 Pyamf | 1 Pyamf | 2024-11-21 | 7.1 High |
| XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | ||||
| CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 8.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | ||||