Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18604 | 1 Sitebuilder Dynamic Components Project | 1 Sitebuilder Dynamic Components | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | |||||
| CVE-2017-18603 | 1 Postman-smtp Project | 1 Postman-smtp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. | |||||
| CVE-2017-18602 | 1 Ibps Online Exam Project | 1 Ibps Online Exam | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. | |||||
| CVE-2017-18601 | 1 Ibps Online Exam Project | 1 Ibps Online Exam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The examapp plugin 1.0 for WordPress has XSS via exam input text fields. | |||||
| CVE-2017-18600 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field. | |||||
| CVE-2017-18599 | 1 Pinfinity Project | 1 Pinfinity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. | |||||
| CVE-2017-18598 | 1 Designmodo | 1 Qards | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. | |||||
| CVE-2017-18597 | 1 Jtrt Responsive Tables Project | 1 Jtrt Responsive Tables | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. | |||||
| CVE-2017-18596 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. | |||||
| CVE-2017-18595 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | |||||
| CVE-2017-18594 | 1 Nmap | 1 Nmap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. | |||||
| CVE-2017-18593 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. | |||||
| CVE-2017-18592 | 1 Wc-marketplace | 1 Wc Catalog Enquiry | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. | |||||
| CVE-2017-18590 | 1 Bestwebsoft | 1 Timesheet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18589 | 1 Cookie Project | 1 Cookie | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic. | |||||
| CVE-2017-18588 | 1 Security-framework Project | 1 Security-framework | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. | |||||
| CVE-2017-18587 | 1 Hyper | 1 Hyper | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. | |||||
| CVE-2017-18586 | 1 Insert Pages Project | 1 Insert Pages | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. | |||||
| CVE-2017-18585 | 1 Ivycat | 1 Posts In Page | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. | |||||
| CVE-2017-18584 | 1 Post Pay Counter Project | 1 Post Pay Counter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. | |||||