8659 matches found
CVE-2019-15809
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private...
Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored XSS
NinTechNet discovered multiple security issues within the Download Plugins and Themes from Dashboard WordPress plugin. The plugin's setting update request did not check for authorisation, allowing an unauthenticated user to inject malicious JavaScript, which would be stored in the backend...
Duplicate Post <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS)
The Duplicate Post plugin was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). However, the POST request had a CSRF nonce that was verified, and no users without the unfiltered_html capability, such as Author or Subscriber, were able to access the affected Duplicate Post settings page...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
Design/Logic Flaw
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10996
The CVE-2016-10996 vulnerability affects the WordPress OptinMonster plugin prior to version 1.1.4.6. The root cause is incorrect access control for shortcode execution caused by a nonce leak, allowing an attacker to exploit shortcode handling. Several sources confirm the issue and reference the s...
EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-1890)
According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce...
WordPress Ad Inserter Plugin < 2.4.22 RCE Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.113520");...
WordPress WP Social Feed Gallery Plugin < 2.4.8 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.113508");...
Rockwell Automation Stratix 5100 Wireless Access Point and Workgroup Bridge < 15.4 Reusing a Nonce (ICSA-17-299-02)
Binary data 720291.prm...
CVE-2019-15779
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete...
Input validation
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete...
CVE-2019-15779
The CVE-2019-15779 entry concerns the WordPress insta-gallery plugin prior to version 2.4.8, which has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. Per the sources, the lack of CSRF/authorization checks could allow unauthorized actions, including potential ...
CVE-2019-15770
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks...
Design/Logic Flaw
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks...