Export limit exceeded: 75059 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75059 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10948 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 8.1 High |
| The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. | ||||
| CVE-2016-10947 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 7.2 High |
| The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | ||||
| CVE-2016-10946 | 1 Wp-d3 Project | 1 Wp-d3 | 2024-11-21 | 8.8 High |
| The wp-d3 plugin before 2.4.1 for WordPress has CSRF. | ||||
| CVE-2016-10945 | 1 Pagelines | 1 Pagelines | 2024-11-21 | 8.8 High |
| The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | ||||
| CVE-2016-10944 | 1 Wpmaz | 1 Multisite Post Duplicator | 2024-11-21 | 8.8 High |
| The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | ||||
| CVE-2016-10943 | 1 Zx-csv-upload Project | 1 Zx-csv-upload | 2024-11-21 | 7.2 High |
| The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | ||||
| CVE-2016-10940 | 1 Zm-gallery Project | 1 Zm-gallery | 2024-11-21 | 7.2 High |
| The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | ||||
| CVE-2016-10939 | 1 Xtremelocator | 1 Xtremelocator | 2024-11-21 | 7.2 High |
| The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | ||||
| CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-11-21 | 7.5 High |
| IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | ||||
| CVE-2016-10906 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.0 High |
| An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. | ||||
| CVE-2016-10905 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. | ||||
| CVE-2016-10884 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | 8.8 High |
| The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | ||||
| CVE-2016-10874 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 8.8 High |
| The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | ||||
| CVE-2016-10766 | 1 Edx | 1 Edx-platform | 2024-11-21 | 8.8 High |
| edx-platform before 2016-06-06 allows CSRF. | ||||
| CVE-2016-10743 | 1 W1.fi | 1 Hostapd | 2024-11-21 | 7.5 High |
| hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. | ||||
| CVE-2016-10707 | 1 Jquery | 1 Jquery | 2024-11-21 | 7.5 High |
| jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit. | ||||
| CVE-2016-10690 | 1 Openframe-ascii-image Project | 1 Openframe-ascii-image | 2024-11-21 | 8.1 High |
| openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10688 | 1 Haxe | 1 Haxe | 2024-11-21 | 8.1 High |
| Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10680 | 1 Adamvr-geoip-lite Project | 1 Adamvr-geoip-lite | 2024-11-21 | 8.1 High |
| adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data. | ||||
| CVE-2016-10663 | 1 Node-wixtoolset Project | 1 Node-wixtoolset | 2024-11-21 | 8.1 High |
| wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||