Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2017-11631 dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.
CVE-2017-11613 Vulnerability in dos (CVE-2017-11613)
vulnerability in dos (CVE-2017-11613). Risk of unauthorized operations or information disclosure.
CVE-2017-11638 Vulnerability in c (CVE-2017-11638)
vulnerability in c (CVE-2017-11638). Successful exploitation can lead to full system takeover.
CVE-2017-11629 Cross-Site Scripting (XSS) in c (CVE-2017-11629)
cross-site scripting in c (CVE-2017-11629). Risk of unauthorized operations or information disclosure.
CVE-2017-11651 NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CVE-2017-11639 Out-of-Bounds Read in c (CVE-2017-11639)
vulnerability in c (CVE-2017-11639). Risk of unauthorized operations or information disclosure.
CVE-2017-11624 Vulnerability in dos (CVE-2017-11624)
vulnerability in dos (CVE-2017-11624). Risk of unauthorized operations or information disclosure.
CVE-2017-11625 Vulnerability in dos (CVE-2017-11625)
vulnerability in dos (CVE-2017-11625). Risk of unauthorized operations or information disclosure.
CVE-2017-11626 Vulnerability in dos (CVE-2017-11626)
vulnerability in dos (CVE-2017-11626). Risk of unauthorized operations or information disclosure.
CVE-2017-11627 Vulnerability in dos (CVE-2017-11627)
vulnerability in dos (CVE-2017-11627). Risk of unauthorized operations or information disclosure.
CVE-2017-11628 Buffer Overflow in c (CVE-2017-11628)
vulnerability in c (CVE-2017-11628). Successful exploitation can lead to full system takeover.
CVE-2017-9233 XXE (XML External Entity) in libexpat-project (CVE-2017-9233)
vulnerability in libexpat-project (CVE-2017-9233). Risk of unauthorized operations or information disclosure.
CVE-2016-6133 Cross-Site Scripting (XSS) in ektron (CVE-2016-6133)
cross-site scripting in ektron (CVE-2016-6133). Risk of unauthorized operations or information disclosure.
CVE-2017-6746 Vulnerability in cisco (CVE-2017-6746)
vulnerability in cisco (CVE-2017-6746). Successful exploitation can lead to full system takeover.
CVE-2017-6751 Vulnerability in cisco (CVE-2017-6751)
vulnerability in cisco (CVE-2017-6751). Data can be tampered with by attackers.
CVE-2017-6749 Cross-Site Scripting (XSS) in cisco (CVE-2017-6749)
cross-site scripting in cisco (CVE-2017-6749). Risk of unauthorized operations or information disclosure.
CVE-2017-6755 Cross-Site Scripting (XSS) in cisco (CVE-2017-6755)
cross-site scripting in cisco (CVE-2017-6755). Risk of unauthorized operations or information disclosure.
CVE-2017-6672 Authorization Flaw in cisco (CVE-2017-6672)
vulnerability in cisco (CVE-2017-6672). Data can be tampered with by attackers.
CVE-2017-6612 Buffer Overflow in cisco (CVE-2017-6612)
vulnerability in cisco (CVE-2017-6612). Data can be tampered with by attackers.
CVE-2017-6753 A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected br...
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meeti...
CVE-2017-6748 Vulnerability in cisco (CVE-2017-6748)
vulnerability in cisco (CVE-2017-6748). Successful exploitation can lead to full system takeover.
CVE-2017-6750 Vulnerability in cisco (CVE-2017-6750)
vulnerability in cisco (CVE-2017-6750). Data can be tampered with by attackers.
CVE-2017-9413 Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a po...
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via t...
CVE-2016-10401 ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists w...
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
CVE-2017-11457 XXE (XML External Entity) in ssrf (CVE-2017-11457)
vulnerability in ssrf (CVE-2017-11457). Confidential information can be exposed externally.
CVE-2017-11458 Cross-Site Scripting (XSS) in sap (CVE-2017-11458)
cross-site scripting in sap (CVE-2017-11458). Risk of unauthorized operations or information disclosure.
CVE-2017-11460 Cross-Site Scripting (XSS) in sap (CVE-2017-11460)
cross-site scripting in sap (CVE-2017-11460). Risk of unauthorized operations or information disclosure.
CVE-2017-11434 Out-of-Bounds Read in c (CVE-2017-11434)
vulnerability in c (CVE-2017-11434). Risk of unauthorized operations or information disclosure.
CVE-2017-11459 Code Injection in sap (CVE-2017-11459)
code injection in sap (CVE-2017-11459). Successful exploitation can lead to full system takeover.
CVE-2015-1417 Vulnerability in dos (CVE-2015-1417)
vulnerability in dos (CVE-2015-1417). Risk of unauthorized operations or information disclosure.
CVE-2015-0904 Vulnerability in shidax (CVE-2015-0904)
vulnerability in shidax (CVE-2015-0904). Confidential information can be exposed externally.
CVE-2015-1332 The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute ar...
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.
CVE-2015-1438 Buffer Overflow in panda-security (CVE-2015-1438)
vulnerability in panda-security (CVE-2015-1438). Successful exploitation can lead to full system takeover.
CVE-2015-6585 Buffer Overflow in hancom (CVE-2015-6585)
vulnerability in hancom (CVE-2015-6585). Successful exploitation can lead to full system takeover.
CVE-2015-3171 Information Disclosure in sosreport (CVE-2015-3171)
vulnerability in sosreport (CVE-2015-3171). Confidential information can be exposed externally. Mitigation: upgrade to `d7759d3ddae5fe99a340c88a1d370d65cfa73fd6` or later.
CVE-2015-5187 Information Disclosure in candlepinproject (CVE-2015-5187)
vulnerability in candlepinproject (CVE-2015-5187). Risk of unauthorized operations or information disclosure.
CVE-2015-4462 Unrestricted File Upload in path-traversal (CVE-2015-4462)
vulnerability in path-traversal (CVE-2015-4462). Confidential information can be exposed externally.
CVE-2015-4463 Unrestricted File Upload in efrontlearning (CVE-2015-4463)
vulnerability in efrontlearning (CVE-2015-4463). Data can be tampered with by attackers.
CVE-2015-3149 Vulnerability in redhat (CVE-2015-3149)
vulnerability in redhat (CVE-2015-3149). Data can be tampered with by attackers.
CVE-2015-3243 Vulnerability in rsyslog (CVE-2015-3243)
vulnerability in rsyslog (CVE-2015-3243). Confidential information can be exposed externally.
CVE-2015-8013 Vulnerability in openpgpjs (CVE-2015-8013)
vulnerability in openpgpjs (CVE-2015-8013). Confidential information can be exposed externally.
CVE-2015-2798 SQL Injection in sqli (CVE-2015-2798)
SQL injection in sqli (CVE-2015-2798). Successful exploitation can lead to full system takeover.
CVE-2015-3278 Vulnerability in nss-compat-ossl-project (CVE-2015-3278)
vulnerability in nss-compat-ossl-project (CVE-2015-3278). Successful exploitation can lead to full system takeover.
CVE-2015-4035 Vulnerability in tukaani (CVE-2015-4035)
vulnerability in tukaani (CVE-2015-4035). Successful exploitation can lead to full system takeover.
CVE-2015-0674 Cross-Site Scripting (XSS) in cisco (CVE-2015-0674)
cross-site scripting in cisco (CVE-2015-0674). Risk of unauthorized operations or information disclosure.
CVE-2015-5594 Cross-Site Scripting (XSS) in zenphoto (CVE-2015-5594)
cross-site scripting in zenphoto (CVE-2015-5594). Risk of unauthorized operations or information disclosure.
CVE-2015-5221 Use-After-Free in c (CVE-2015-5221)
vulnerability in c (CVE-2015-5221). Risk of unauthorized operations or information disclosure.
CVE-2017-11617 Cross-Site Scripting (XSS) in atmail (CVE-2017-11617)
cross-site scripting in atmail (CVE-2017-11617). Risk of unauthorized operations or information disclosure.
CVE-2017-11614 Vulnerability in medhost (CVE-2017-11614)
vulnerability in medhost (CVE-2017-11614). Successful exploitation can lead to full system takeover.
CVE-2017-11566 AppUse 4.0 allows shell command injection via a proxy field.
AppUse 4.0 allows shell command injection via a proxy field.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →