CVEs from 2015
- Total 7,323
- critical 1,307
- high 1,666
- medium 3,617
- low 553
- % Critical 17.8%
- % with KEV 0.6%
- % with exploit 0.6%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-5081 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified … | |
| CVE-2015-5607 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery in the REST API in IPython 2 and 3. | |
| CVE-2015-0276 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | |
| CVE-2015-5173 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails wit… | |
| CVE-2015-5170 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime Cross-Site Request Forgery vulnerability | |
| CVE-2015-2878 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco… | |
| CVE-2015-5227 | high | 8.8 | 8.8 | 9y ago | The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | |
| CVE-2015-7715 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests th… | |
| CVE-2015-7504 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via … | |
| CVE-2015-2673 | high | 8.8 | 8.8 | 9y ago | The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a… | |
| CVE-2015-2143 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecifi… | |
| CVE-2015-7843 | high | 8.8 | 8.8 | 9y ago | The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R00… | |
| CVE-2015-6576 | high | 8.8 | 8.8 | 9y ago | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | |
| CVE-2015-9233 | high | 8.8 | 8.8 | 9y ago | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in… | |
| CVE-2015-7293 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | |
| CVE-2015-5182 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | |
| CVE-2015-5237 | high | 8.8 | 8.8 | 9y ago | protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. | |
| CVE-2015-5395 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | |
| CVE-2015-1329 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | |
| CVE-2015-4089 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the… | |
| CVE-2015-9228 | high | 8.8 | 8.8 | 9y ago | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | |
| CVE-2015-4724 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Concrete5 5.7.3.1. | |
| CVE-2015-4697 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563. | |
| CVE-2015-3450 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | |
| CVE-2015-0853 | high | 8.8 | 8.8 | 9y ago | svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | |
| CVE-2015-5958 | high | 8.8 | 8.8 | 9y ago | phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | |
| CVE-2015-8334 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTT… | |
| CVE-2015-3655 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators b… | |
| CVE-2015-8332 | high | 8.8 | 8.8 | 9y ago | Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and p… | |
| CVE-2015-1443 | high | 8.8 | 8.8 | 9y ago | The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | |
| CVE-2015-8355 | high | 8.8 | 8.8 | 9y ago | Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" par… | |
| CVE-2015-7259 | high | 8.8 | 8.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login t… | |
| CVE-2015-7258 | high | 8.8 | 8.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |
| CVE-2015-5258 | high | 8.8 | 8.8 | 9y ago | springframework-social Cross-Site Request Forgery vulnerability | |
| CVE-2015-5153 | high | 8.8 | 8.8 | 9y ago | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | |
| CVE-2015-7894 | high | 8.8 | 8.8 | 9y ago | The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process… | |
| CVE-2015-7854 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly… | |
| CVE-2015-7849 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via… | |
| CVE-2015-1332 | high | 8.8 | 8.8 | 9y ago | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute a… | |
| CVE-2015-2280 | high | 8.8 | 8.8 | 9y ago | snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands v… | |
| CVE-2015-4639 | high | 8.8 | 8.8 | 9y ago | Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web sc… | |
| CVE-2015-3639 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | |
| CVE-2015-3638 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to … | |
| CVE-2015-1786 | high | 8.8 | 8.8 | 9y ago | Zend Framework CSRF Vulnerability | |
| CVE-2015-2252 | high | 8.8 | 8.8 | 9y ago | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | |
| CVE-2015-3191 | high | 8.8 | 8.8 | 9y ago | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable … | |
| CVE-2015-8257 | high | 8.8 | 8.8 | 9y ago | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_… | |
| CVE-2015-7569 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |
| CVE-2015-0104 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… | |
| CVE-2015-6568 | high | 8.8 | 8.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" … | |
| CVE-2015-6567 | high | 8.8 | 8.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exp… | |
| CVE-2015-8284 | high | 8.8 | 8.8 | 9y ago | SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. | |
| CVE-2015-7563 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | |
| CVE-2015-7893 | high | 8.8 | 8.8 | 9y ago | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | |
| CVE-2015-8255 | high | 8.8 | 8.8 | 9y ago | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | |
| CVE-2015-7274 | high | 8.8 | 8.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | |
| CVE-2015-6028 | high | 8.8 | 8.8 | 9y ago | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | |
| CVE-2015-2889 | high | 8.8 | 8.8 | 9y ago | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. | |
| CVE-2015-2880 | high | 8.8 | 8.8 | 9y ago | TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | |
| CVE-2015-8671 | high | 8.8 | 8.8 | 9y ago | Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | |
| CVE-2015-8624 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant … | |
| CVE-2015-8623 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote at… | |
| CVE-2015-3884 | high | 8.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute… | |
| CVE-2015-8989 | high | 8.8 | 8.8 | 9y ago | Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user pa… | |
| CVE-2015-8988 | high | 8.8 | 8.8 | 9y ago | Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of… | |
| CVE-2015-8814 | high | 8.8 | 8.8 | 9y ago | Umbraco CMS vulnerable to CSRF | |
| CVE-2015-8832 | high | 8.8 | 8.8 | 9y ago | Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries… | |
| CVE-2015-8322 | high | 8.8 | 8.8 | 9y ago | NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |
| CVE-2015-2181 | high | 8.8 | 8.8 | 9y ago | Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. | |
| CVE-2015-2180 | high | 8.8 | 8.8 | 9y ago | The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | |
| CVE-2015-4593 | high | 8.8 | 8.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content a… | |
| CVE-2015-4592 | high | 8.8 | 8.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as… | |
| CVE-2015-3441 | high | 8.8 | 8.8 | 10y ago | The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) … | |
| CVE-2015-8542 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Cl… | |
| CVE-2015-6397 | high | 8.8 | 8.8 | 10y ago | Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that acco… | |
| CVE-2015-8157 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Contro… | |
| CVE-2015-8823 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |
| CVE-2015-7801 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. | |
| CVE-2015-8540 | high | 8.8 | 8.8 | 10y ago | Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.… | |
| CVE-2015-8604 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in… | |
| CVE-2015-7330 | high | 8.8 | 8.8 | 10y ago | Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. | |
| CVE-2015-6541 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users… | |
| CVE-2015-8840 | high | 8.8 | 8.8 | 10y ago | The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly h… | |
| CVE-2015-8154 | high | 8.8 | 8.8 | 10y ago | The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code… | |
| CVE-2015-8153 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-7446 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitr… | |
| CVE-2015-8822 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8821 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8820 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8658 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8657 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8656 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8655 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8654 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-8653 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |
| CVE-2015-8652 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |
| CVE-2015-6022 | high | 8.8 | 8.8 | 10y ago | Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file v… | |
| CVE-2015-5351 | high | 8.8 | 8.8 | 10y ago | The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh… | |
| CVE-2015-5338 | high | 8.8 | 8.8 | 10y ago | Moodle multiple cross-site request forgery (CSRF) vulnerabilities | |
| CVE-2015-5050 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.… |