The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2019-11364 | An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. | -- | Aug 30, 2019 |
| CVE-2019-11363 | A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. | -- | Aug 30, 2019 |
| CVE-2018-21007 | The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | -- | Aug 29, 2019 |
| CVE-2019-4133 | IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. | -- | Aug 29, 2019 |
| CVE-2019-4132 | IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. | -- | Aug 29, 2019 |
| CVE-2017-14202 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | -- | Aug 29, 2019 |
| CVE-2019-15842 | The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | -- | Aug 30, 2019 |
| CVE-2019-15841 | The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | -- | Aug 30, 2019 |
| CVE-2019-15840 | The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | -- | Aug 30, 2019 |
| CVE-2019-15838 | The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | -- | Aug 30, 2019 |
| CVE-2019-15837 | The webp-express plugin before 0.14.8 for WordPress has stored XSS. | -- | Aug 30, 2019 |
| CVE-2019-15833 | The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | -- | Aug 30, 2019 |
| CVE-2019-15832 | The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | -- | Aug 30, 2019 |
| CVE-2019-15831 | The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | -- | Aug 30, 2019 |
| CVE-2019-15830 | The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. | -- | Aug 30, 2019 |
| CVE-2019-15829 | The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | -- | Aug 30, 2019 |
| CVE-2019-15828 | The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | -- | Aug 30, 2019 |
| CVE-2019-15827 | The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | -- | Aug 30, 2019 |
| CVE-2019-15822 | The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | -- | Aug 30, 2019 |
| CVE-2019-15817 | The easy-property-listings plugin before 3.4 for WordPress has XSS. | -- | Aug 30, 2019 |
| CVE-2019-13526 | Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. | -- | Aug 30, 2019 |
| CVE-2019-12754 | Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | -- | Aug 30, 2019 |
| CVE-2019-12402 | The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. | -- | Aug 30, 2019 |
| CVE-2015-9380 | The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | -- | Aug 30, 2019 |
| CVE-2014-9992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 |
| CVE-2014-9982 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 |
| CVE-2014-10061 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 |
| CVE-2014-10060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 |
| CVE-2014-10049 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-15513 | Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | -- | Aug 30, 2019 |
| CVE-2018-15512 | Cross-site scripting (XSS) vulnerability in the \'Authorisation Service\' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | -- | Aug 30, 2019 |
| CVE-2018-15511 | Cross-site scripting (XSS) vulnerability in the \'Notification template\' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | -- | Aug 30, 2019 |
| CVE-2018-15510 | Cross-site scripting (XSS) vulnerability in the \'Certificate\' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | -- | Aug 30, 2019 |
| CVE-2018-11989 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11978 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11977 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11975 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11974 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11973 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11972 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11969 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11959 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11941 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11933 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2017-18341 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | -- | Nov 7, 2023 |
| CVE-2017-18340 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | -- | Nov 7, 2023 |
| CVE-2017-18339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | -- | Nov 7, 2023 |
| CVE-2017-18338 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | -- | Nov 7, 2023 |
| CVE-2017-18337 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | -- | Nov 7, 2023 |
