National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • CVSS Version: 3
  • CVSS V3 Severity: Critical (9-10)
  • CVSS V3 Metrics: AV:N
There are 7,301 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2017-18548

The note-press plugin before 0.1.2 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-18514

The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.

Published: August 14, 2019; 11:15:11 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-10889

The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.

Published: August 14, 2019; 11:15:11 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9315

The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

Published: August 14, 2019; 11:15:11 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9313

The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

Published: August 14, 2019; 11:15:11 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-18515

The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.

Published: August 14, 2019; 10:15:14 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9301

The liveforms plugin before 3.2.0 for WordPress has SQL injection.

Published: August 13, 2019; 01:15:12 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9298

The events-manager plugin before 5.6 for WordPress has code injection.

Published: August 13, 2019; 01:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-14968

An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

Published: August 12, 2019; 02:15:12 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-14965

An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.

Published: August 12, 2019; 02:15:12 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-13462

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.

Published: August 12, 2019; 01:15:11 PM -04:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2019-12618

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.

Published: August 12, 2019; 01:15:10 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-5402

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

Published: August 09, 2019; 02:15:12 PM -04:00
V3: 9.4 CRITICAL
V2: 10.0 HIGH
CVE-2019-5399

A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

Published: August 09, 2019; 02:15:11 PM -04:00
V3: 9.4 CRITICAL
V2: 9.7 HIGH
CVE-2019-5397

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

Published: August 09, 2019; 02:15:11 PM -04:00
V3: 9.4 CRITICAL
V2: 9.7 HIGH
CVE-2019-5396

A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

Published: August 09, 2019; 01:15:11 PM -04:00
V3: 9.4 CRITICAL
V2: 9.7 HIGH
CVE-2019-14801

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.

Published: August 09, 2019; 10:15:11 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20955

Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root.

Published: August 08, 2019; 05:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-12994

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.

Published: August 08, 2019; 02:15:10 PM -04:00
V3: 9.1 CRITICAL
V2: 6.5 MEDIUM
CVE-2019-14754

Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.

Published: August 08, 2019; 09:15:12 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH