The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted...
5.7AI Score
0.003EPSS
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...
7.6AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to...
5.3AI Score
0.001EPSS
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to...
8.1AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to...
6AI Score
0.003EPSS
The White & Yellow Pages (aka com.avantar.wny) application 5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
The Yellow Pages Local Search (aka com.yellowbook.android2) application 11.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web...
6.1AI Score
0.002EPSS
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word...
7.6AI Score
0.047EPSS
SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to...
8.8AI Score
0.008EPSS
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url...
6.9AI Score
0.03EPSS
SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP...
7.6AI Score
0.012EPSS
Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow....
7.8AI Score
0.235EPSS