Lucene search
Patchstack
Most viewed

46681 matches found

Patchstack
added 2020/12/14 12:0 a.m., 19 views

WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Self-Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Self-Reflected Cross-Site Scripting (XSS) vulnerability found by ack Misiura (The Missing Link) in WordPress Directories Pro premium plugin versions <= 1.3.45. Solution: Update the WordPress Directories Pro premium plugin to the latest available version (at least 1.3.46)...

CVSS: 6.1, AI score: 2.7, EPSS: 0.05483
Exploits: 3, References: 2, Affected Software: 1
Patchstack
added 2020/10/02 12:0 a.m., 20 views

WordPress Microsoft Office 365 / Azure AD | LOGIN plugin <= 11.6 - JWT Signature Verification Bypass vulnerability

JWT Signature Verification Bypass vulnerability found by Philip Akesson in WordPress Microsoft Office 365 / Azure AD | LOGIN plugin versions <= 11.6. Solution: Update the WordPress Microsoft Office 365 / Azure AD | LOGIN plugin to the latest available version (at least 11.7)...

CVSS: 7.5, AI score: 3.3, EPSS: 0.02146
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2020/10/01 12:0 a.m., 19 views

WordPress NewsMag theme <= 2.4.1 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress NewsMag theme versions <= 2.4.1. Solution: Update the WordPress NewsMag theme to the latest available version (at least 2.4.2)...

AI score: 2.9
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2020/09/08 12:0 a.m., 19 views

WordPress Chamber Dashboard Business Directory plugin <= 3.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Mihkel Raba in WordPress Chamber Dashboard Business Directory plugin versions <= 3.3.0. Solution: Update the WordPress Chamber Dashboard Business Directory plugin to the latest available version (at least 3.3.1)...

CVSS: 6.1, AI score: 1.6, EPSS: 0.01011
Exploits: 2, References: 2, Affected Software: 1
Patchstack
added 2020/08/14 12:0 a.m., 19 views

WordPress Sell Media plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Metamorfosec in WordPress Sell Media plugin versions <= 2.4.1. Solution: Update the WordPress Sell Media plugin to the latest available version (at least 2.4.2)...

CVSS: 6.1, AI score: 3.1, EPSS: 0.09221
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2020/08/04 12:0 a.m., 19 views

WordPress Extra premium theme <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Extra premium theme versions <= 4.5.2. Solution: Update the WordPress Extra premium theme to the latest available version (at least 4.5.3)...

CVSS: 9.9, AI score: 3.5, EPSS: 0.02356
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2020/08/04 12:0 a.m., 19 views

WordPress Divi Builder plugin <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Divi Builder plugin versions <= 4.5.2. Solution: Update the WordPress Divi Builder plugin to the latest available version (at least 4.5.3)...

CVSS: 9.9, AI score: 3.4, EPSS: 0.02356
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2020/07/17 12:0 a.m., 19 views

WordPress Email Subscribers & Newsletters plugin <= 4.5.0.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Tenable in WordPress Email Subscribers & Newsletters plugin versions <= 4.5.0.1. Solution: Update the WordPress Email Subscribers & Newsletters plugin to the latest available version (at least 4.5.1)...

CVSS: 6.5, AI score: 2.8, EPSS: 0.00917
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2020/05/14 12:0 a.m., 19 views

WordPress WP Product Review Lite plugin <= 3.7.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sucuri in WordPress WP Product Review Lite plugin versions <= 3.7.5. Solution: Update the WordPress WP Product Review Lite plugin to the latest available version (at least 3.7.6)...

AI score: 2.3
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2020/04/19 12:0 a.m., 19 views

WordPress Media Library Assistant plugin <= 2.81 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution (RCE) vulnerability discovered in WordPress Media Library Assistant plugin versions <= 2.81. Solution: Update the WordPress Media Library Assistant plugin to the latest available version (at least 2.82)...

CVSS: 9.8, AI score: 6.6, EPSS: 0.03559
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2020/03/11 12:0 a.m., 19 views

WordPress Import Export WordPress Users plugin <= 1.3.8 - Arbitrary User Creation vulnerability

Arbitrary User Creation vulnerability discovered by WordFence in WordPress Import Export WordPress Users plugin versions <= 1.3.8. Solution: Update the WordPress Import Export WordPress Users plugin to the latest available version (at least 1.3.9)...

CVSS: 8.8, AI score: 2.2, EPSS: 0.01727
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2020/01/31 12:0 a.m., 19 views

WordPress Login by Auth0 plugin <= 3.11.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Muhamad Visat in WordPress Login by Auth0 plugin versions <= 3.11.2. Solution: Update the WordPress Login by Auth0 plugin to the latest available version (at least 3.11.3)...

CVSS: 6.1, AI score: 1.9, EPSS: 0.02462
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2020/01/22 12:0 a.m., 19 views

WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference (IDOR) vulnerability found in WordPress Ultimate Member plugin versions <= 2.1.2. Solution: Update the WordPress Ultimate Member plugin to the latest available version (at least 2.1.3)...

CVSS: 5.3, AI score: 3.2, EPSS: 0.02168
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2019/11/14 12:0 a.m., 19 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <=5.127.3 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.127.3. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version (at least 5.127.4)...

CVSS: 6.1, AI score: 2.5, EPSS: 0.01307
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2019/10/17 12:0 a.m., 19 views

WordPress EU Cookie Law plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability found by Tobias Fink (SBA Research) in WordPress EU Cookie Law plugin versions <= 3.0.6. Solution: 17 October 2019 - we were unable to find a patched version of this plugin...

CVSS: 4.8, AI score: 2, EPSS: 0.01033
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2019/10/17 12:0 a.m., 19 views

WordPress WP SlackSync premium plugin <= 1.8.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability found by fs0c131y in WordPress WP SlackSync premium plugin versions <= 1.8.5. Solution: Update the WordPress WP SlackSync premium plugin to the latest available version (at least 1.8.6)...

CVSS: 7.5, AI score: 2.5, EPSS: 0.01677
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2019/08/29 12:0 a.m., 19 views

WordPress WP Social Feed Gallery plugin <= 2.4.7 - Authorization Check vulnerability

Authorization Check vulnerability found in WordPress WP Social Feed Gallery plugin versions <= 2.4.7. Solution: Update the WordPress WP Social Feed Gallery plugin to the latest available version (at least 2.4.8)...

CVSS: 8.8, AI score: 3.8, EPSS: 0.00691
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2019/08/27 12:0 a.m., 19 views

WordPress UserPro plugin <= 4.9.33 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress UserPro plugin versions <= 4.9.33. Solution: 27 August 2019 - no patched version available...

CVSS: 6.1, AI score: 2.5, EPSS: 0.82962
Exploits: 6, References: 1, Affected Software: 1
Patchstack
added 2019/07/26 12:0 a.m., 19 views

WordPress AdRotate Banner Manager plugin <= 5.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress AdRotate Banner Manager plugin versions <= 5.2. Solution: Update the WordPress AdRotate Banner Manager plugin to the latest available version (at least 5.3)...

CVSS: 7.2, AI score: 3.7, EPSS: 0.01502
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2019/07/24 12:0 a.m., 19 views

WordPress WPS Bidouille plugin <= 1.12.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Julio Potier in WordPress WPS Bidouille plugin versions <= 1.12.2. Solution: Update the WordPress WPS Bidouille plugin to the latest available version (at least 1.12.4)...

AI score: 3.4
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2019/06/18 12:0 a.m., 19 views

WordPress SEO by Rank Math plugin <= 1.0.26 - Cross-Site Scripting (XSS) vulnerabilities

Cross-Site Scripting (XSS) vulnerabilities found in WordPress SEO by Rank Math versions <= 1.0.26. Solution: Update the WordPress SEO by Rank Math to the latest available version (at least 1.0.27)...

AI score: 1.7
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2019/05/29 12:0 a.m., 19 views

WordPress WP Database Backup plugin <= 5.1.2 - Unauthenticated OS Command Injection vulnerability

Unauthenticated OS Command Injection vulnerability found by WordFence in WordPress WP Database Backup plugin versions <= 5.1.2. Solution: Update the WordPress WP Database Backup plugin to the latest available version (at least 5.2)...

AI score: 3.5
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2019/05/22 12:0 a.m., 19 views

WordPress WP Booking System <= 1.5.1.1 - CSRF vulnerability to Authenticated SQL Injection vulnerability

CSRF vulnerability to Authenticated SQL Injection vulnerability possible in WordPress WP Booking System versions <= 1.5.1.1, found by Magnus K. Stubman. Solution: Update the WordPress WP Booking System to the latest available version (at least 1.5.2)...

CVSS: 7.2, AI score: 3.1, EPSS: 0.00911
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2019/01/07 12:0 a.m., 19 views

WordPress WP Job Manager plugin <= 1.31.2 - Phar Deserialization vulnerability

Phar Deserialization vulnerability found by Ripstech in WordPress WP Job Manager plugin versions <= 1.31.2. Solution: Update the WordPress WP Job Manager plugin to the latest available version (at least 1.31.3)...

AI score: 3.3
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2018/07/18 12:0 a.m., 19 views

WordPress Geo Mashup plugin <= 1.10.3 - Unspecified Cross-Site Scripting (XSS) vulnerability

Unspecified Cross-Site Scripting (XSS) vulnerability found in WordPress Geo Mashup plugin versions <= 1.10.3. Solution: Update the WordPress Geo Mashup plugin to the latest available version (at least 1.10.4)...

CVSS: 9.8, AI score: 1.5, EPSS: 0.03054
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2018/07/18 12:0 a.m., 19 views

WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities found by Javier Olmedo in WordPress All In One Favicon plugin versions <= 4.6. Solution: This plugin was closed on July 13, 2018 and is no longer available for download. Deactivate and delete ASAP...

CVSS: 4.8, AI score: 2.7, EPSS: 0.02003
Exploits: 6, References: 1, Affected Software: 1
Patchstack
added 2018/06/03 12:0 a.m., 19 views

WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability

Stored Cross-Site scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions <= 1.2.2. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

CVSS: 5.4, AI score: 1.3, EPSS: 0.00616
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2018/06/03 12:0 a.m., 19 views

WordPress Add Social Share Messenger Buttons Whatsapp and Viber plugin <= 1.0.8 - Cross-site Request Forgery (CSRF) vulnerability

Cross-site Request Forgery (CSRF) vulnerability found by ThreatPress Research Team in WordPress Add Social Share Messenger Buttons Whatsapp and Viber plugin versions <= 1.0.8. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

CVSS: 6.5, AI score: 2.7, EPSS: 0.00537
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2018/05/17 12:0 a.m., 19 views

WordPress WP Live Chat Support plugin <=8.0.07 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability found by Riccardo ten Cate in WordPress WP Live Chat Support plugin versions <= 8.0.07. Solution: Update the WordPress WP Live Chat Support plugin to the latest available version (at least 8.0.08)...

CVSS: 4.8, AI score: 1.7, EPSS: 0.01098
Exploits: 2, References: 2, Affected Software: 1
Patchstack
added 2018/04/09 12:0 a.m., 19 views

WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress Relevanssi plugin versions <= 4.0.4. Attackers can inject arbitrary JavaScript or HTML via the GET parameter. Solution: 09.04.2018 - Several sources claim that you need to update to the version 4.1, but we were unable to find this version on...

CVSS: 5.4, AI score: 1.9, EPSS: 0.02009
Exploits: 5, Affected Software: 1
Patchstack
added 2018/04/03 12:0 a.m., 19 views

WordPress File Upload plugin <=4.3.2 - Security Issue in plugin shortcodes

Security Issue in plugin shortcodes found in WordPress File Upload plugin versions <= 4.3.2. Solution: Update the WordPress File Upload plugin to the latest available version (at least 4.3.3)...

CVSS: 5.4, AI score: 2.7, EPSS: 0.03244
Exploits: 5, References: 1, Affected Software: 1
Patchstack
added 2018/03/28 12:0 a.m., 19 views

WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin versions <= 5.8.1.1. Solution: Update the WordPress Events Manager plugin to the latest version (at least 5.8.1.2)...

CVSS: 5.4, AI score: 3, EPSS: 0.01058
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2018/03/02 12:0 a.m., 19 views

WordPress File Manager plugin <=5.0.0 - Information Disclosure vulnerability

Information Disclosure vulnerability found in WordPress File Manager plugin versions <= 5.0.0. Solution: Update the WordPress File Manager plugin to the latest available version (at least 5.0.2)...

CVSS: 7.5, AI score: 2.4, EPSS: 0.02872
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2018/01/30 12:0 a.m., 19 views

WordPress Social Media Widget by Acurax plugin <=3.2.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability found by Panagiotis Vagenas in WordPress Social Media Widget by Acurax plugin versions <= 3.2.5. Solution: Update the WordPress Social Media Widget by Acurax plugin to the latest available version (at least 3.2.6)...

CVSS: 8.8, AI score: 3.2, EPSS: 0.00661
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2018/01/22 12:0 a.m., 19 views

WordPress Booking calendar plugin <=2.1.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by d4wner in WordPress Booking calendar plugin versions <= 2.1.7. Solution: Update the WordPress Booking calendar plugin to the latest available version (at least 2.1.8)...

CVSS: 8.8, AI score: 3.5, EPSS: 0.00768
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2018/01/09 12:0 a.m., 19 views

WordPress Simple Download Monitor plugin <=3.5.3 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability found by wpl0v3r in WordPress Simple Download Monitor plugin versions <= 3.5.3. Vulnerable to Cross-Site Scripting via the sdmupload parameter in an edit action to wp-admin/post.php. Solution: Update the WordPress Simple Download Monitor plugin to...

CVSS: 5.4, AI score: 3.3, EPSS: 0.0102
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2018/01/09 12:0 a.m., 19 views

WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting (XSS) vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Vulnerable via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...

CVSS: 6.1, AI score: 2.8, EPSS: 0.01265
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2017/11/20 12:0 a.m., 19 views

WordPress Duplicator plugin <=1.2.28 – Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Duplicator plugin versions <= 1.2.28. The plugin is vulnerable due to incorrectly filtered values "urlnew" and "logging". Solution: Update the WordPress Duplicator plugin to the latest available version at least...

CVSS: 6.1, AI score: 1.7, EPSS: 0.01017
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2017/11/07 12:0 a.m., 19 views

WordPress User Login History plugin <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress User Login History plugin versions <= 1.5. Solution: Update the WordPress User Login History plugin to the latest available version (at least version 1.6)...

CVSS: 6.1, AI score: 1.1, EPSS: 0.01041
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2017/10/03 12:0 a.m., 19 views

WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found by Matt Barry (WordFence) in WordPress RegistrationMagic-Custom Registration Forms plugin versions <= 3.7.9.2. Solution: Update the WordPress RegistrationMagic-Custom Registration Forms plugin to the latest available version (at least 3.7.9.3)...

AI score: 3.3
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2017/09/28 12:0 a.m., 19 views

WordPress Student Result or Employee Database plugin <=1.6.3 - Authorization Bypass vulnerability

Authorization Bypass vulnerability found by Lim Benjamin in WordPress Student Result or Employee Database plugin version 1.6.3 and earlier versions. A specific Google dork could find vulnerable websites. Some functions of the plugin do not check the authorization. Solution: Update the WordPres...

AI score: 3.4
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2017/08/16 12:0 a.m., 19 views

WordPress AddToAny Share Buttons plugin <=1.7.14 - Conditional Host Header Injection vulnerability

Conditional Host Header Injection vulnerability found by Paul Dannewitz in WordPress AddToAny Share Buttons plugin. The vulnerable plugin version used the Host header instead of homeurl, which allows custom Host header injection via a crafted link and web cache poisoning, and it may end up with sharing malicious...

AI score: 1.8
Exploits: 0, Affected Software: 1
Patchstack
added 2017/08/08 12:0 a.m., 19 views

WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Jonas Lejon (WPScans) in WordPress Loginizer plugin version 1.3.5 and earlier versions. The vulnerability exists in the init.php file of the "Blacklist and Whitelist IP Wizard." Solution: Update the WordPress Loginizer plugin to the latest...

CVSS: 8.8, AI score: 2.4, EPSS: 0.00714
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2017/08/08 12:0 a.m., 19 views

WordPress Loginizer plugin <=1.3.5 - Blind SQL Injection vulnerability

Blind SQL Injection vulnerability found by Jonas Lejon (WPScans) in WordPress Loginizer plugin version 1.3.5 and earlier versions. Vulnerable due to HTTP header forwarding without any sanitization to lzselectquery and then $wpdb->get_results. Solution: Update the WordPress Loginizer plugin to the late...

CVSS: 9.8, AI score: 2.9, EPSS: 0.01843
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2017/07/26 12:0 a.m., 19 views

WordPress YouTube Embed Plus plugin <=11.8.1 - Cross-Site Request Forgery (CSRF) vulnerability

WordPress YouTube Embed Plus plugin version 11.8.1 is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability allows an attacker to change plugin settings if they manage to trick an admin user into following the forged link. Solution: Please update WordPress YouTube Embed plugin to...

AI score: 4
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2017/02/10 12:0 a.m., 19 views

WordPress plugin WP Mail <=1.1 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress plugin WP Mail version 1.1 has a Reflected Cross Site Scripting (XSS) vulnerability and allows an attacker to execute JavaScript in the context of the user receiving the mail. Solution: Update plugin to the latest version (at least 1.2)...

CVSS: 6.1, AI score: 3, EPSS: 0.00957
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2016/11/28 12:0 a.m., 19 views

WordPress Whois Domain Plugin - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability. Solution: Update the plugin...

AI score: 1.9
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2016/09/11 12:0 a.m., 19 views

WordPress MailPoet Newsletters Plugin <= 2.7.2 - SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...

AI score: 5.8
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2016/07/20 12:0 a.m., 19 views

WordPress Page Layout Builder Plugin <= 1.9.3 - Reflected XSS

This plugin is prone to a cross site scripting vulnerability. Solution: Update the plugin...

CVSS: 6.1, AI score: 1.6, EPSS: 0.03462
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2016/06/23 12:0 a.m., 19 views

WordPress <= 4.5.2 - XSS #1

WordPress version 4.5.2 is prone to a cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php. It allows an attacker to inject arbitrary web script or HTML via a crafted attachment name. Related:...

CVSS: 6.1, AI score: 3.4, EPSS: 0.02123
Exploits: 0, References: 1, Affected Software: 1
Total number of security vulnerabilities: 5000