National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,761 matching records.
Displaying matches 1641 through 1660.
Vuln ID Summary CVSS Severity
CVE-2017-18546

The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18545

The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-18544

The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18543

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-18542

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-9323

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-9322

The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-10376

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-8063

Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage.

Published: August 16, 2019; 01:15:10 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-7964

Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.

Published: August 16, 2019; 01:15:09 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-7959

Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: August 16, 2019; 01:15:09 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-7958

Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.

Published: August 16, 2019; 01:15:09 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-7957

Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.

Published: August 16, 2019; 01:15:09 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

Published: August 16, 2019; 12:15:10 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.

Published: August 16, 2019; 11:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15119

lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.

Published: August 16, 2019; 11:15:11 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-15118

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

Published: August 16, 2019; 10:15:10 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15117

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.

Published: August 16, 2019; 10:15:09 AM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM