CWE:
 

Title
Date
Author
Med.
TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write
14.11.2024
Filip Palian
High
Plantronics Hub 3.25.1 Arbitrary File Read
16.05.2024
Alaa Kachouh
High
Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read
11.03.2024
Youssef Muhammad
Med.
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
29.01.2024
binganao
Med.
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read
19.08.2023
Hank Leininger
Med.
OX App Suite SSRF / SQL Injection / Cross Site Scripting
03.08.2023
Mehmet Ince
High
Bludit < 3.13.1 Backup Plugin Arbitrary File Download (Authenticated)
11.07.2023
Antonio Cuomo (arkanto...
Med.
OX App Suite XSS / Information Disclosure / Authorization Bypass
09.05.2023
Martin Heiland
Med.
SecurePoint UTM 12.x Session ID Leak
18.04.2023
Julien Ahrens
Low
MiniDVBLinux 5.4 Arbitrary File Read
18.10.2022
LiquidWorm
High
Active eCommerce CMS 6.3.0 Arbitrary File Download
28.09.2022
th3d1gger
High
WordPress BackupBuddy 8.7.4.1 Arbitrary File Read
07.09.2022
Anonymouse
Low
SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure
22.06.2022
Yvan Genuer
Med.
Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure
06.06.2022
Julien Ahrens
High
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
24.03.2022
Hassan Khan Yusufzai
High
TermTalk Server 3.24.0.2 Arbitrary File Read
05.01.2022
Fabiano Golluscio
High
Oliver Library Server v5 Arbitrary File Download
19.12.2021
Mandeep Singh, Ishaan ...
Med.
Grafana 8.3.0 Directory Traversal / Arbitrary File Read
09.12.2021
s1gh
High
TestLink 1.19 Arbitrary File Download
09.12.2021
Gonzalo Villegas
Med.
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
05.12.2021
Uriel Yochpaz
High
WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)
03.12.2021
Uriel Yochpaz
High
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
16.11.2021
Rizal Muhammed
Med.
SAP Enterprise Portal Sensitive Data Disclosure
23.10.2021
Yvan Genuer
High
WordPress Duplicator 1.3.26 Arbitrary File Read
18.10.2021
nam3lum
High
Atlassian Confluence Server 7.5.1 Arbitrary File Read
06.10.2021
Mayank Deshmukh
Med.
WordPress BulletProof Security 5.1 Information Disclosure
06.10.2021
Ron Jost
Med.
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
30.07.2021
LiquidWorm
High
ES File Explorer 4.1.9.7.4 Arbitrary File Read
29.06.2021
Nehal Zaman
Med.
SAP Hybris eCommerce Information Disclosure
15.06.2021
Gaston Traberg
High
Hasura GraphQL 1.3.3 Arbitrary File Read
22.04.2021
Dolev Farhi
High
Novel Boutique House-plus 3.5.1 Arbitrary File Download
29.03.2021
tuyiqiang
Med.
Apache Flink 1.11.0 Unauthenticated Arbitrary File Read (Metasploit)
14.01.2021
Suncsr
Med.
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
08.01.2021
SunCSR
Med.
WordPress Plugin W3 Total Cache Unauthenticated Arbitrary File Read (Metasploit)
06.01.2021
SunCSR
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
Med.
Wordpress Plugin Duplicator 1.3.26 Unauthenticated Arbitrary File Read (Metasploit)
18.12.2020
Nguyen
High
Gitlab 12.9.0 Arbitrary File Read (Authenticated)
19.11.2020
Jasper Rasenberg
Low
Amazon Web Services - Database Disclosure (Sensitive Information)
13.09.2020
Gh05t666nero
Med.
HelloWeb 2.0 Arbitrary File Download
11.07.2020
bRpsd
High
jizhi CMS 1.6.7 Arbitrary File Download
21.04.2020
iej1ctk1g
High
Webtateas 2.0 Arbitrary File Read
15.04.2020
CBIITMC
Low
UniSharp Laravel File Manager 2.0.0 Arbitrary File Read
04.03.2020
NgoAnhDuc
Low
Antiprizuv Form-Data Log Emails Information Disclosure
26.12.2019
L4663r666h05t
High
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read
03.09.2019
Todor Donev
Med.
Joomla JS Support Ticket 1.1.5 Arbitrary File Download
09.08.2019
qw3rTyTy
Med.
DuckSell 3.0.0 Database Disclosure
10.06.2019
KingSkrupellos
Med.
SmartLIB Library Software Database Disclosure
03.06.2019
KingSkrupellos
Med.
OpenEvSys Software 2.2 Database Disclosure
02.06.2019
KingSkrupellos
Med.
Open-EMR HealthCare Software 5.0.1 Database Disclosure
02.06.2019
KingSkrupellos
Med.
GinoCMS Software 2.x Database Disclosure
02.06.2019
KingSkrupellos
Med.
OCSInventory-NG Software CMS 2.6 RC Database Disclosure
02.06.2019
KingSkrupellos
Med.
AgniCMS 1.6 Database Disclosure
02.06.2019
KingSkrupellos
Low
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
28.04.2019
Cisco Talos
Low
Sierra Wireless AirLink ES450 ACEManager Information Disclosure
28.04.2019
Cisco Talos
Med.
RingsDB Software 1.0.0 Database Disclosure
20.04.2019
KingSkrupellos
Med.
NIT-Warangal Dispensary Management System India 1.0 Database Disclosure
17.04.2019
KingSkrupellos
Med.
CyberShadeCMS v1 Database Disclosure
14.04.2019
KingSkrupellos
Med.
PragyanCMS 3.0 Beta Database Disclosure
14.04.2019
KingSkrupellos
Med.
TarichiCMS Web Publishing System v2 Database Disclosure
14.04.2019
KingSkrupellos
Med.
Opus Online Placement University System 4.2.0 Database Disclosure
12.04.2019
KingSkrupellos
Med.
OrangeScrum Project Management Software 1.6.1 Database Disclosure
12.04.2019
KingSkrupellos
Med.
Gibbonedu The Flexible School Platform 17.0.00 Database Disclosure
12.04.2019
KingSkrupellos
Med.
JobSkee Open Source JobBoard 1.1.3 Database Disclosure
12.04.2019
KingSkrupellos
Med.
MajorDoMo Domestic Module Database Disclosure
10.04.2019
KingSkrupellos
High
Themosis Framework BookStore 1.3.0 Database Disclosure
10.04.2019
KingSkrupellos
High
NekoCMS 2.5 Database Disclosure
10.04.2019
KingSkrupellos
High
YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure
10.04.2019
KingSkrupellos
Med.
Norbye CMS Database Disclosure
10.04.2019
KingSkrupellos
Med.
Nova CMS Software 3.77.3 Database Disclosure
08.04.2019
KingSkrupellos
Med.
NeoFragCMS Alpha 0.2.1 Database Disclosure
05.04.2019
KingSkrupellos
High
TheDayLightStudio GetFuelCMS 0.9.3 Database Disclosure
05.04.2019
KingSkrupellos
High
YonaCMS Software 1.3.2 Database Disclosure
05.04.2019
KingSkrupellos
Med.
Senayan Slims Meranti 5 Database Disclosure
04.04.2019
KingSkrupellos
Med.
ClipBucket 2.6 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Luya CMS 1.0.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
OpenMonero MyMonero 1.1.9 Database Disclosure
04.04.2019
KingSkrupellos
Med.
RainCMS Alpha 1.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Complaint Management System CMS 4.0.4.1 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Mash Project Integrated 4.2.7.1 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
DataWrapper ProtoType 0.8 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Ektron CMS 9 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Shinobi Security Software 1.0 Database Disclosure Exploit
02.04.2019
KingSkrupellos
High
WordPress Ultimate Form Builder Plugins 1.0 Database Disclosure
28.03.2019
KingSkrupellos
Med.
WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure
27.03.2019
KingSkrupellos
Med.
Independent University of Bangladesh IUB Database Disclosure
22.03.2019
KingSkrupellos
Med.
F3-CMS FatFreeFramework 0.0.1 Database Disclosure
15.02.2019
KingSkrupellos
High
WordPress Ad Manager WD 1.0.11 Arbitrary File Download
29.01.2019
41!kh4224rDz
Med.
Papoo CMS PKalender Plugins 3.5 Database Disclosure
28.01.2019
KingSkrupellos
Med.
Joomla RSFirewall Components 2.11.25 Database and Password Disclosure
25.01.2019
KingSkrupellos
Med.
Joomla JVFramework Components 1.6.4.0 Database Disclosure
21.01.2019
KingSkrupellos
Med.
Joomla Akeeba Backup Components 6.3.3 Database Disclosure
19.01.2019
KingSkrupellos
Med.
Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
19.01.2019
KingSkrupellos
Low
Mozilla Firefox 64 Information Disclosure
18.01.2019
Dr. Vladimir Bostanov
Med.
Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure
18.01.2019
KingSkrupellos
Med.
eBrigade ERP 4.5 Arbitrary File Download
11.01.2019
Ozkan Mustafa Akkus
Med.
Typo3 CMS twwc_pages Extension 8.7.x Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Site Crawler Extension 6.1.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS pw_highslide_gallery Extension 0.3.1 Database Disclosure
04.01.2019
KingSkrupellos


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-10-23
Waiting for details
CVE-2024-9530

The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.

 
2024-10-22
Waiting for details
CVE-2024-9541

The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

 
Waiting for details
CVE-2024-9627

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot.

 
Waiting for details
CVE-2024-8852

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files.

 
Waiting for details
CVE-2024-50312

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

 
2024-10-19
Waiting for details
CVE-2024-9889

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.

 
2024-10-17
Waiting for details
CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.

 
Waiting for details
CVE-2024-49284

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data. This issue affects WP SendFox: from n/a through 1.3.1.

 
2024-10-16
Waiting for details
CVE-2024-9540

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

 
Waiting for details
CVE-2017-20194

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

 

 


Copyright 2024, cxsecurity.com

 
