CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2015-9496 | The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring. | 8.8 | HIGH | No | 0 |
| CVE-2015-9497 | The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | 8.8 | HIGH | No | 0 |
| CVE-2015-9498 | The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. | 8.8 | HIGH | No | 0 |
| CVE-2015-9499 | The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | 9.8 | CRITICAL | No | 0 |
| CVE-2015-9500 | The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-15587 | In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 | MEDIUM | No | 0 |
| CVE-2019-8089 | Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 6.1 | MEDIUM | No | 0 |
| CVE-2015-9501 | The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-16971 | In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-16972 | In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-16973 | In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-14276 | WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. | 6.5 | MEDIUM | No | 0 |
| CVE-2019-10459 | Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-10460 | Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the m... | 7.8 | HIGH | No | 0 |
| CVE-2019-10461 | Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access ... | 7.8 | HIGH | No | 0 |
| CVE-2019-18356 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | 6.1 | MEDIUM | No | 0 |
| CVE-2019-10462 | A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified crede... | 8.1 | HIGH | No | 0 |
| CVE-2019-10463 | A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-10464 | A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file ... | 8.8 | HIGH | No | 0 |
| CVE-2019-10465 | A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine wh... | 4.3 | MEDIUM | No | 0 |
| CVE-2019-10466 | An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets ... | 8.1 | HIGH | No | 0 |
| CVE-2019-10467 | Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file s... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-20531 | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (Decem... | 7.1 | HIGH | No | 0 |
| CVE-2019-10468 | A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtai... | 8.8 | HIGH | No | 0 |
| CVE-2019-10469 | A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credenti... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-10470 | A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jen... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-10471 | A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through an... | 8.8 | HIGH | No | 0 |
| CVE-2019-10472 | A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtain... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-10473 | A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | MEDIUM | No | 0 |
| CVE-2020-11796 | In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. | 9.8 | CRITICAL | No | 0 |
| CVE-2019-10474 | A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-10475 | A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-10476 | Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 7.8 | HIGH | No | 0 |
| CVE-2019-18219 | Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection withi... | 6.1 | MEDIUM | No | 0 |
| CVE-2019-18220 | Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via sp... | 8.8 | HIGH | No | 0 |
| CVE-2019-18277 | A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if com... | 7.5 | HIGH | No | 0 |
| CVE-2019-18278 | When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the V... | 7.8 | HIGH | No | 0 |
| CVE-2019-18280 | Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into exec... | 8.8 | HIGH | No | 0 |
| CVE-2019-16976 | In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-18281 | An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an ap... | 4.3 | MEDIUM | No | 0 |
| CVE-2019-18344 | Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, ... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-11282 | Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with ma... | 4.3 | MEDIUM | No | 0 |
| CVE-2020-10622 | LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users | 7.8 | HIGH | No | 0 |
| CVE-2019-11283 | Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for ... | 8.8 | HIGH | No | 0 |
| CVE-2019-11933 | A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-16975 | In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | 6.1 | MEDIUM | No | 0 |
| CVE-2013-7333 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from th... | 7.5 | HIGH | No | 0 |
| CVE-2015-9502 | The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. | 6.1 | MEDIUM | No | 0 |
| CVE-2015-9503 | The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-9282 | In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is need... | 6.5 | MEDIUM | No | 0 |
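The listing above is produced by joining NVD records against the CISA KEV catalog and deriving the severity label from the CVSS base score. The following is an added example, not the site's own code, of that enrichment in Python. It reads only the fields the columns above need from documents shaped like the NVD API 2.0 response and CISA's known_exploited_vulnerabilities.json; both documents are constructed inline. The two CVE-2099-* identifiers are fictitious placeholders used only to exercise the KEV and missing-metric paths, the CVE-2019-18281 description is shortened by hand, and the sightings counts are an assumed input because the page does not say where that column comes from.

```python
"""Build a KEV-enriched CVE table from NVD API 2.0 and CISA KEV JSON.

Added example, not the site's own code. NVD_JSON and KEV_JSON are
constructed inline in the shape of the real feeds (only the fields this
code reads). CVE-2099-0001 and CVE-2099-0002 are fictitious placeholders.
"""
import json

# Constructed fragment of an NVD API 2.0 response (/rest/json/cves/2.0).
NVD_JSON = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-2015-9499",
             "descriptions": [{"lang": "en", "value": "The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
    {"cve": {"id": "CVE-2019-18281",
             "descriptions": [{"lang": "en", "value": "Out-of-bounds memory access in Qt qtbase before 5.12.5 (description shortened by hand)."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 4.3, "baseSeverity": "MEDIUM"}}]}}},
    {"cve": {"id": "CVE-2099-0001",  # fictitious placeholder: present in the constructed KEV catalog
             "descriptions": [{"lang": "en", "value": "Placeholder record used to exercise the KEV path."}],
             "metrics": {"cvssMetricV30": [{"cvssData": {"baseScore": 7.2, "baseSeverity": "HIGH"}}]}}},
    {"cve": {"id": "CVE-2099-0002",  # fictitious placeholder: no CVSS v3 metrics at all
             "descriptions": [{"lang": "en", "value": "Placeholder record with no CVSS v3 metrics."}],
             "metrics": {}}},
]})

# Constructed fragment in the shape of CISA's known_exploited_vulnerabilities.json.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2099-0001", "dateAdded": "2099-01-01", "knownRansomwareCampaignUse": "Unknown"},
]})


def severity(score):
    """Map a CVSS v3.x base score to its qualitative severity rating."""
    if score is None:
        return "UNKNOWN"
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def base_score(cve):
    """Prefer CVSS v3.1, then v3.0; take the first metric entry (assumed: the NVD one)."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        for metric in metrics.get(key, []):
            return float(metric["cvssData"]["baseScore"])
    return None


def english_description(cve):
    for entry in cve.get("descriptions", []):
        if entry.get("lang") == "en":
            return entry["value"]
    return ""


def enrich(nvd_text, kev_text, sightings=None):
    """Join NVD records with the KEV catalog; sightings is an assumed {cve_id: count} input."""
    sightings = sightings or {}
    kev = {entry["cveID"]: entry for entry in json.loads(kev_text)["vulnerabilities"]}
    rows = []
    for item in json.loads(nvd_text)["vulnerabilities"]:
        cve = item["cve"]
        cve_id = cve["id"]
        score = base_score(cve)
        rows.append({
            "id": cve_id,
            "description": english_description(cve),
            "cvss": score,
            "severity": severity(score),
            "kev": cve_id in kev,
            "kev_date_added": kev.get(cve_id, {}).get("dateAdded"),
            "sightings": int(sightings.get(cve_id, 0)),
        })
    # Triage order: KEV entries first (exploited in the wild outranks score), then CVSS descending.
    rows.sort(key=lambda r: (not r["kev"], -(r["cvss"] if r["cvss"] is not None else -1.0)))
    return rows


def render_markdown(rows):
    """Render rows in the same column layout as the table on this page."""
    out = ["| CVE ID | Description | CVSS | Severity | KEV | Sightings |",
           "|---|---|---|---|---|---|"]
    for r in rows:
        desc = r["description"].replace("|", "\\|")
        cvss = "" if r["cvss"] is None else f"{r['cvss']:.1f}"
        kev = "Yes" if r["kev"] else "No"
        out.append(f"| {r['id']} | {desc} | {cvss} | {r['severity']} | {kev} | {r['sightings']} |")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_markdown(enrich(NVD_JSON, KEV_JSON)))
```

The sort key is the point worth copying: a KEV entry with a 7.2 lands above a 9.8 that nobody is known to exploit, which is the ordering a patching queue should follow. The first-metric choice in `base_score` is a simplification; the real NVD feed can carry both an NVD and a CNA entry under `cvssMetricV31`, so production code should pick by the entry's `source` or `type` field rather than by position.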
This product uses data from the NVD API but is not endorsed or certified by the NVD.