Search Results (74868 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9415 | 1 Angrycreative | 1 Bj Lazy Load | 2024-11-21 | 7.5 High |
| The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | ||||
| CVE-2015-9406 | 1 Mtheme-unus Project | 1 Mtheme-unus | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | ||||
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | ||||
| CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2024-11-21 | 8.8 High |
| The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | ||||
| CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2024-11-21 | 7.2 High |
| The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | ||||
| CVE-2015-9398 | 1 Webmaster-source | 1 Gocodes | 2024-11-21 | 8.8 High |
| The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | ||||
| CVE-2015-9395 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | ||||
| CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | ||||
| CVE-2015-9353 | 1 Tri | 1 Gigpress | 2024-11-21 | 7.2 High |
| The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. | ||||
| CVE-2015-9284 | 1 Omniauth | 1 Omniauth | 2024-11-21 | 8.8 High |
| The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. | ||||
| CVE-2015-9268 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 7.8 High |
| Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. | ||||
| CVE-2015-9239 | 1 Ansi2html Project | 1 Ansi2html | 2024-11-21 | 7.5 High |
| ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. | ||||
| CVE-2015-8851 | 2 Node-uuid Project, Redhat | 2 Node-uuid, Openshift | 2024-11-21 | 7.5 High |
| node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. | ||||
| CVE-2015-8751 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 8.8 High |
| Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | ||||
| CVE-2015-8549 | 1 Pyamf | 1 Pyamf | 2024-11-21 | 7.1 High |
| XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | ||||
| CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 8.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | ||||
| CVE-2015-8535 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-8534 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-8371 | 1 Getcomposer | 1 Composer | 2024-11-21 | 8.8 High |
| Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected. | ||||
| CVE-2015-8012 | 1 Lldpd Project | 1 Lldpd | 2024-11-21 | 7.5 High |
| lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. | ||||