| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. |
| The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. |
| The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. |
| An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. |
| nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. |
| The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. |
| The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. |
| The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. |
| An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic. |
| An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. |
| An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. |
| The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. |
| The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. |
| The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. |
| The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. |
| The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. |
| The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. |
| The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. |
| The corner-ad plugin before 1.0.8 for WordPress has XSS. |
| The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. |
