National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,762 matching records.
Displaying matches 1301 through 1320.
Vuln ID Summary CVSS Severity
CVE-2019-12624

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Published: August 21, 2019; 03:15:13 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-20977

The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-20970

The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18562

The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18561

The embed-comment-images plugin before 0.6 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18559

The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18535

The smokesignal plugin before 1.2.7 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18525

The megamenu plugin before 2.4 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18521

The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18516

The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10891

The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10890

The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-10379

The duplicate-post plugin before 2.6 for WordPress has SQL injection.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-10378

The duplicate-post plugin before 2.6 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-10377

The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.

Published: August 21, 2019; 03:15:11 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-6714

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.

Published: August 21, 2019; 03:15:11 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5041

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5033

An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5032

An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15295

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH