CVEs from 2015
- Total: 7,313
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 17.9%
- % with KEV: 0.6%
- % with exploit: 0.8%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-5081 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified … | |
| CVE-2015-5607 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery in the REST API in IPython 2 and 3. | |
| CVE-2015-0276 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | |
| CVE-2015-5173 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails wit… | |
| CVE-2015-5170 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime Cross-Site Request Forgery vulnerability | |
| CVE-2015-2878 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco… | |
| CVE-2015-5227 | high | 8.8 | 8.8 | 9y ago | The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | |
| CVE-2015-7715 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests th… | |
| CVE-2015-7504 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via … | |
| CVE-2015-2673 | high | 8.8 | 8.8 | 9y ago | The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a… | |
| CVE-2015-2143 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecifi… | |
| CVE-2015-7843 | high | 8.8 | 8.8 | 9y ago | The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R00… | |
| CVE-2015-6576 | high | 8.8 | 8.8 | 9y ago | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | |
| CVE-2015-9233 | high | 8.8 | 8.8 | 9y ago | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in… | |
| CVE-2015-7293 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | |
| CVE-2015-5182 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | |
| CVE-2015-5237 | high | 8.8 | 8.8 | 9y ago | protobuf susceptible to buffer overflow | |
| CVE-2015-5395 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | |
| CVE-2015-1329 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | |
| CVE-2015-4089 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the… | |
| CVE-2015-9228 | high | 8.8 | 8.8 | 9y ago | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | |
| CVE-2015-4724 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Concrete5 5.7.3.1. | |
| CVE-2015-4697 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Google Analyticator WordPress Plugin before 6.4.9.3 rev @1183563. | |
| CVE-2015-3450 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | |
| CVE-2015-0853 | high | 8.8 | 8.8 | 9y ago | svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | |
| CVE-2015-5958 | high | 8.8 | 8.8 | 9y ago | phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | |
| CVE-2015-8334 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTT… | |
| CVE-2015-3655 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators b… | |
| CVE-2015-8332 | high | 8.8 | 8.8 | 9y ago | Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and p… | |
| CVE-2015-1443 | high | 8.8 | 8.8 | 9y ago | The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | |
| CVE-2015-8355 | high | 8.8 | 8.8 | 9y ago | Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" par… | |
| CVE-2015-7259 | high | 8.8 | 8.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login t… | |
| CVE-2015-7258 | high | 8.8 | 8.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |
| CVE-2015-5258 | high | 8.8 | 8.8 | 9y ago | springframework-social Cross-Site Request Forgery vulnerability | |
| CVE-2015-5153 | high | 8.8 | 8.8 | 9y ago | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | |
| CVE-2015-7894 | high | 8.8 | 8.8 | 9y ago | The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process… | |
| CVE-2015-7854 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly… | |
| CVE-2015-7849 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via… | |
| CVE-2015-1332 | high | 8.8 | 8.8 | 9y ago | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute a… | |
| CVE-2015-2280 | high | 8.8 | 8.8 | 9y ago | snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands v… | |
| CVE-2015-4639 | high | 8.8 | 8.8 | 9y ago | Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web sc… | |
| CVE-2015-3639 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | |
| CVE-2015-3638 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to … | |
| CVE-2015-1786 | high | 8.8 | 8.8 | 9y ago | Zend Framework CSRF Vulnerability | |
| CVE-2015-2252 | high | 8.8 | 8.8 | 9y ago | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | |
| CVE-2015-3191 | high | 8.8 | 8.8 | 9y ago | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable … | |
| CVE-2015-8257 | high | 8.8 | 8.8 | 9y ago | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_… | |
| CVE-2015-7569 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |
| CVE-2015-0104 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… | |
| CVE-2015-6568 | high | 8.8 | 8.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" … | |
| CVE-2015-6567 | high | 8.8 | 8.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exp… | |
| CVE-2015-8284 | high | 8.8 | 8.8 | 9y ago | SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. | |
| CVE-2015-7563 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | |
| CVE-2015-7893 | high | 8.8 | 8.8 | 9y ago | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | |
| CVE-2015-8255 | high | 8.8 | 8.8 | 9y ago | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | |
| CVE-2015-7274 | high | 8.8 | 8.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | |
| CVE-2015-6028 | high | 8.8 | 8.8 | 9y ago | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | |
| CVE-2015-2889 | high | 8.8 | 8.8 | 9y ago | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. | |
| CVE-2015-2880 | high | 8.8 | 8.8 | 9y ago | TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | |
| CVE-2015-8671 | high | 8.8 | 8.8 | 9y ago | Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | |
| CVE-2015-8624 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant … | |
| CVE-2015-8623 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote at… | |
| CVE-2015-3884 | high | 8.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute… | |
| CVE-2015-8989 | high | 8.8 | 8.8 | 9y ago | Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user pa… | |
| CVE-2015-8988 | high | 8.8 | 8.8 | 9y ago | Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of… | |
| CVE-2015-8814 | high | 8.8 | 8.8 | 9y ago | Umbraco CMS vulnerable to CSRF | |
| CVE-2015-8832 | high | 8.8 | 8.8 | 9y ago | Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries… | |
| CVE-2015-8322 | high | 8.8 | 8.8 | 9y ago | NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |
| CVE-2015-2181 | high | 8.8 | 8.8 | 10y ago | Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. | |
| CVE-2015-2180 | high | 8.8 | 8.8 | 10y ago | The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | |
| CVE-2015-4593 | high | 8.8 | 8.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content a… | |
| CVE-2015-4592 | high | 8.8 | 8.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as… | |
| CVE-2015-3441 | high | 8.8 | 8.8 | 10y ago | The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) … | |
| CVE-2015-8542 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Cl… | |
| CVE-2015-6397 | high | 8.8 | 8.8 | 10y ago | Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that acco… | |
| CVE-2015-8157 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Contro… | |
| CVE-2015-8823 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |
| CVE-2015-7801 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. | |
| CVE-2015-8540 | high | 8.8 | 8.8 | 10y ago | Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.… | |
| CVE-2015-8604 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in… | |
| CVE-2015-7330 | high | 8.8 | 8.8 | 10y ago | Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. | |
| CVE-2015-6541 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users… | |
| CVE-2015-8840 | high | 8.8 | 8.8 | 10y ago | The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly h… | |
| CVE-2015-8154 | high | 8.8 | 8.8 | 10y ago | The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code… | |
| CVE-2015-8153 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-7446 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitr… | |
| CVE-2015-8822 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8821 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8820 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8658 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8657 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8656 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8655 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8654 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8653 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8652 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-6022 | high | 8.8 | 8.8 | 10y ago | Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file v… | |
| CVE-2015-5351 | high | 8.8 | 8.8 | 10y ago | Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token | |
| CVE-2015-5338 | high | 8.8 | 8.8 | 10y ago | Moodle multiple cross-site request forgery (CSRF) vulnerabilities | |
| CVE-2015-5050 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.… |