CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8170 matches found

OSV•added 2018/12/03 6:29 a.m.•1 views

CVE-2018-19796

An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php aka submissions download page redirect parameter...

6.1CVSS5.8AI score

Exploits0References3

Prion•added 2018/12/03 6:29 a.m.•16 views

Open redirect

5.8CVSS6.3AI score0.01581EPSS

Exploits1References3Affected Software1

NVD•added 2018/12/03 6:29 a.m.•23 views

CVE-2018-19796

6.1CVSS6.3AI score0.01581EPSS

Exploits1References3

Cvelist•added 2018/12/03 6:0 a.m.•18 views

CVE-2018-19796

6.3AI score0.01581EPSS

Exploits1References3

CVE•added 2018/12/03 6:0 a.m.•45 views

CVE-2018-19796

CVE-2018-19796 – Open Redirect in Ninja Forms (WordPress) . Affected software: WordPress Ninja Forms plugin versions before 3.3.19.1. Component: lib/StepProcessing/step-processing.php (submission/download page). Root cause: improper handling of the redirect parameter enables remote attackers to r...

6.1CVSS6.3AI score0.01581EPSS

Exploits1References3Affected Software1

CNVD•added 2018/12/03 12:0 a.m.•2 views

Ninja Forms Open Redirect Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Ninja Forms plugin is used in one of the form creation component . An open redirect vulnerability exists in...

6.1CVSS6.6AI score0.01581EPSS

Exploits1References1

WPVulnDB•added 2018/12/01 12:0 a.m.•14 views

Ninja Forms <= 3.3.19 - Authenticated Open Redirect

Open Redirect vulnerability in download submission page using URL parameter...

5.8CVSS2.3AI score0.01581EPSS

Exploits1References1Affected Software1

Packet Storm•added 2018/11/29 12:0 a.m.•84 views

WordPress Jazzy Forms 1.1.1 Database Backup Disclosure

Exploit Title : WordPress jazzy-forms Plugins 1.1.1 Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 30/11/2018 Vendor Homepage : wordpress.org/plugins/jazzy-forms/ Software Download Link :...

7.4AI score

Exploits0

Cvelist•added 2018/11/27 9:0 p.m.•18 views

CVE-2018-14892

Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...

8.7AI score0.00875EPSS

Exploits1References1

OSV•added 2018/11/27 8:29 p.m.•1 views

CVE-2018-14892

Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...

8.8CVSS5.8AI score0.00875EPSS

Exploits1References1

Prion•added 2018/11/27 8:29 p.m.•9 views

Cross site request forgery (csrf)

Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...

6.8CVSS8.6AI score0.00875EPSS

Exploits1References1Affected Software1

CNVD•added 2018/11/16 12:0 a.m.•2 views

SAP NetWeaver Knowledge Management (XMLForms) XML External Entity Injection Vulnerability

SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. An XML external entity injection vulnerability exists in Knowledge Management XMLForms in SAP NetWeaver, which can be exploited by an attacker to gain...

8.8CVSS7.4AI score0.01732EPSS

Exploits0References1

OSV•added 2018/11/15 6:29 a.m.•2 views

CVE-2018-19287

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php aka submissions page begindate, enddate, or formid parameter...

6.1CVSS5.9AI score0.08071EPSS

Exploits5References3

Prion•added 2018/11/15 6:29 a.m.•12 views

Design/Logic Flaw

4.3CVSS6.2AI score0.08071EPSS

Exploits5References3Affected Software1

NVD•added 2018/11/15 6:29 a.m.•17 views

CVE-2018-19287

6.1CVSS6.2AI score0.08071EPSS

Exploits5References3

Cvelist•added 2018/11/15 5:0 a.m.•16 views

CVE-2018-19287

6.2AI score0.08071EPSS

Exploits5References3

CVE•added 2018/11/15 5:0 a.m.•94 views

CVE-2018-19287

CVE-2018-19287 affects WordPress Ninja Forms plugin

6.1CVSS6.1AI score0.08071EPSS

Exploits5References3Affected Software1

Patchstack•added 2018/11/15 12:0 a.m.•24 views

WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found in WordPress Ninja Forms plugin versions = 3.3.17. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.3.18...

6.1CVSS2.2AI score0.08071EPSS

Exploits5References1Affected Software1

exploitpack•added 2018/11/15 12:0 a.m.•40 views

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested...

4.3CVSS0.1AI score0.08071EPSS

Exploits5

Packet Storm•added 2018/11/15 12:0 a.m.•312 views

WordPress Ninja Forms 3.3.17 Cross Site Scripting

Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox CVE :...

6.3AI score0.08071EPSS

Exploits5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by