Latest CVE Feed
-
9.8
CRITICALCVE-2016-0224
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : marketing_platform- Published: Jun. 28, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2024-37119
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0.... Read more
Affected Products : uncanny_automator- Published: Nov. 01, 2024
- Modified: Aug. 11, 2025
-
9.8
CRITICALCVE-2024-37094
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.... Read more
Affected Products : masterstudy_lms- Published: Nov. 01, 2024
- Modified: Jan. 22, 2025
-
9.8
CRITICALCVE-2019-0008
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or... Read more
Affected Products : junos ex4300 ex4300m ex4600 ex4650 qfx5100 qfx5110 qfx5120 qfx5200-32c qfx5200-48y +1 more products- Published: Apr. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-37080
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to... Read more
- Published: Jun. 18, 2024
- Modified: Mar. 13, 2025
-
9.8
CRITICALCVE-2015-9499
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.... Read more
Affected Products : showbiz_pro- Published: Oct. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7846
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Mod... Read more
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7811
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server... Read more
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9479
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.... Read more
Affected Products : acf_fronted_display- Published: Oct. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7226
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecifie... Read more
Affected Products : vncterm- Published: Feb. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9466
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.... Read more
Affected Products : wti_like_post- Published: Oct. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9435
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.... Read more
Affected Products : oauth_server- Published: Sep. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9344
The link-log plugin before 2.1 for WordPress has SQL injection.... Read more
Affected Products : link_log- Published: Aug. 27, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9324
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.... Read more
- Published: Aug. 16, 2019
- Modified: Feb. 07, 2025
-
9.8
CRITICALCVE-2015-9315
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.... Read more
Affected Products : newstatpress- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-25014
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().... Read more
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9316
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.... Read more
Affected Products : wp_fastest_cache- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9313
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.... Read more
Affected Products : newstatpress- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9330
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.... Read more
Affected Products : wp_all_import- Published: Aug. 20, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-9290
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.... Read more
Affected Products : freetype- Published: Jul. 30, 2019
- Modified: Nov. 21, 2024