Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2016-4903 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-4903)
cross-site scripting in wordpress (CVE-2016-4903). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-4904 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2016-4904)
vulnerability in wordpress (CVE-2016-4904). Successful exploitation can lead to full system takeover.
|
| CVE-2016-4905 |
|
SQL Injection in wordpress (CVE-2016-4905)
SQL injection in wordpress (CVE-2016-4905). Successful exploitation can lead to full system takeover.
|
| CVE-2015-5241 |
|
Open Redirect in apache (CVE-2015-5241)
vulnerability in apache (CVE-2015-5241). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9061 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-9061)
cross-site scripting in wordpress (CVE-2017-9061). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9062 |
|
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
|
| CVE-2017-9063 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-9063)
cross-site scripting in wordpress (CVE-2017-9063). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9064 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-9064)
vulnerability in wordpress (CVE-2017-9064). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9065 |
|
Vulnerability in wordpress (CVE-2017-9065)
vulnerability in wordpress (CVE-2017-9065). Data can be tampered with by attackers.
|
| CVE-2017-9066 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2017-9066)
SSRF in wordpress (CVE-2017-9066). Data can be tampered with by attackers.
|
| CVE-2017-8917 |
|
SQL Injection in sqli (CVE-2017-8917)
SQL injection in sqli (CVE-2017-8917). Successful exploitation can lead to full system takeover.
|
| CVE-2015-3998 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2015-3998)
cross-site scripting in wordpress (CVE-2015-3998). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-4070 |
|
Open Redirect in wordpress (CVE-2015-4070)
vulnerability in wordpress (CVE-2015-4070). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3873 |
|
Vulnerability in express (CVE-2017-3873)
vulnerability in express (CVE-2017-3873). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7661 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2017-7661)
vulnerability in apache (CVE-2017-7661). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7662 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2017-7662)
vulnerability in apache (CVE-2017-7662). Successful exploitation can lead to full system takeover.
|
| CVE-2016-8741 |
|
Information Disclosure in apache (CVE-2016-8741)
vulnerability in apache (CVE-2016-8741). Confidential information can be exposed externally.
|
| CVE-2017-5655 |
|
Information Disclosure in apache (CVE-2017-5655)
vulnerability in apache (CVE-2017-5655). Confidential information can be exposed externally.
|
| CVE-2017-5654 |
|
Vulnerability in apache (CVE-2017-5654)
vulnerability in apache (CVE-2017-5654). Confidential information can be exposed externally.
|
| CVE-2017-8875 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-8875)
vulnerability in wordpress (CVE-2017-8875). Data can be tampered with by attackers.
|
| CVE-2016-6799 |
|
Vulnerability in apache (CVE-2016-6799)
vulnerability in apache (CVE-2016-6799). Confidential information can be exposed externally.
|
| CVE-2017-8295 |
|
Vulnerability in wordpress (CVE-2017-8295)
vulnerability in wordpress (CVE-2017-8295). Data can be tampered with by attackers. Exploitable via `Host header`.
|
| CVE-2017-6624 |
|
Vulnerability in express (CVE-2017-6624)
vulnerability in express (CVE-2017-6624). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-4467 |
|
Vulnerability in c (CVE-2016-4467)
vulnerability in c (CVE-2016-4467). Data can be tampered with by attackers.
|
| CVE-2017-8301 |
|
Vulnerability in nginx (CVE-2017-8301)
vulnerability in nginx (CVE-2017-8301). Data can be tampered with by attackers.
|
| CVE-2017-3161 |
|
Cross-Site Scripting (XSS) in apache (CVE-2017-3161)
cross-site scripting in apache (CVE-2017-3161). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3162 |
|
Vulnerability in apache (CVE-2017-3162)
vulnerability in apache (CVE-2017-3162). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-1170 |
|
Vulnerability in express (CVE-2017-1170)
vulnerability in express (CVE-2017-1170). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7983 |
|
Information Disclosure in joomla (CVE-2017-7983)
vulnerability in joomla (CVE-2017-7983). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7984 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7984)
cross-site scripting in joomla (CVE-2017-7984). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7985 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7985)
cross-site scripting in joomla (CVE-2017-7985). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7986 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7986)
cross-site scripting in joomla (CVE-2017-7986). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7987 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7987)
cross-site scripting in joomla (CVE-2017-7987). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7988 |
|
Vulnerability in joomla (CVE-2017-7988)
vulnerability in joomla (CVE-2017-7988). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7989 |
|
Unrestricted File Upload in joomla (CVE-2017-7989)
vulnerability in joomla (CVE-2017-7989). Data can be tampered with by attackers. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-8057 |
|
Information Disclosure in joomla (CVE-2017-8057)
vulnerability in joomla (CVE-2017-8057). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-3503 |
|
Vulnerability in c (CVE-2017-3503)
vulnerability in c (CVE-2017-3503). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7723 |
|
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
|
| CVE-2017-8099 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-8099)
vulnerability in wordpress (CVE-2017-8099). Data can be tampered with by attackers.
|
| CVE-2017-8100 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-8100)
vulnerability in wordpress (CVE-2017-8100). Data can be tampered with by attackers.
|
| CVE-2017-6919 |
|
Vulnerability in drupal (CVE-2017-6919)
vulnerability in drupal (CVE-2017-6919). Successful exploitation can lead to full system takeover.
|
| CVE-2016-10345 |
|
Vulnerability in nginx (CVE-2016-10345)
vulnerability in nginx (CVE-2016-10345). Successful exploitation can lead to full system takeover.
|
| CVE-2017-5653 |
|
Vulnerability in apache (CVE-2017-5653)
vulnerability in apache (CVE-2017-5653). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-5656 |
|
Vulnerability in apache (CVE-2017-5656)
vulnerability in apache (CVE-2017-5656). Confidential information can be exposed externally.
|
| CVE-2017-5661 |
|
XXE (XML External Entity) in apache (CVE-2017-5661)
vulnerability in apache (CVE-2017-5661). Confidential information can be exposed externally.
|
| CVE-2017-5662 |
|
XXE (XML External Entity) in apache (CVE-2017-5662)
vulnerability in apache (CVE-2017-5662). Confidential information can be exposed externally.
|
| CVE-2017-5645 |
|
Unsafe Deserialization in apache (CVE-2017-5645)
vulnerability in apache (CVE-2017-5645). Successful exploitation can lead to full system takeover.
|
| CVE-2016-5396 |
|
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
|
| CVE-2017-5659 |
|
Vulnerability in apache (CVE-2017-5659)
vulnerability in apache (CVE-2017-5659). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-5647 |
|
Information Disclosure in c (CVE-2017-5647)
vulnerability in c (CVE-2017-5647). Confidential information can be exposed externally.
|