Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38376 | 1 Fortinet | 1 Fortinac | 2023-02-24 | N/A | 6.1 MEDIUM |
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests. | |||||
CVE-2021-42756 | 1 Fortinet | 1 Fortiweb | 2023-02-24 | N/A | 9.8 CRITICAL |
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. | |||||
CVE-2023-24238 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | |||||
CVE-2023-24236 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | |||||
CVE-2023-22580 | 1 Sequelizejs | 1 Sequelize | 2023-02-24 | N/A | 7.5 HIGH |
Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. | |||||
CVE-2023-22579 | 1 Sequelizejs | 1 Sequelize | 2023-02-24 | N/A | 8.8 HIGH |
Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection. | |||||
CVE-2019-14206 | 1 Nevma | 1 Adaptive Images | 2023-02-24 | 6.4 MEDIUM | 7.5 HIGH |
An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php. | |||||
CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | |||||
CVE-2016-10878 | 1 Flippercode | 1 Google Map | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. | |||||
CVE-2023-24483 | 2 Citrix, Microsoft | 2 Virtual Apps And Desktops, Windows | 2023-02-24 | N/A | 7.8 HIGH |
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | |||||
CVE-2016-10875 | 1 Wpseeds | 1 Wp Database Backup | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-database-backup plugin before 4.3.1 for WordPress has XSS. | |||||
CVE-2016-10874 | 1 Wpseeds | 1 Wp Database Backup | 2023-02-24 | 6.8 MEDIUM | 8.8 HIGH |
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | |||||
CVE-2020-15778 | 3 Broadcom, Netapp, Openbsd | 10 Fabric Operating System, A700s, A700s Firmware and 7 more | 2023-02-24 | 6.8 MEDIUM | 7.8 HIGH |
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | |||||
CVE-2016-10873 | 1 Wpseeds | 1 Wp Database Backup | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-database-backup plugin before 4.3.3 for WordPress has XSS. | |||||
CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2023-02-24 | 3.5 LOW | 5.4 MEDIUM |
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | |||||
CVE-2019-14774 | 1 Getwooplugins | 1 Woo-variation-swatches | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | |||||
CVE-2019-14683 | 1 Codection | 1 Import Users From Csv With Meta | 2023-02-24 | 4.9 MEDIUM | 5.7 MEDIUM |
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | |||||
CVE-2019-14680 | 1 Mijnpress | 1 Admin-renamer-extended | 2023-02-24 | 3.5 LOW | 5.7 MEDIUM |
The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | |||||
CVE-2019-14695 | 1 Sygnoos | 1 Popup Builder | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | |||||
CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. |