CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000212 | critical | 9.8 | 9.8 | 9y ago | alchemist.vim vulnerable to remote code execution | |||
| CVE-2017-1000206 | critical | 9.8 | 9.8 | 9y ago | samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution | |||
| CVE-2017-16872 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overf… | |||
| CVE-2017-1000158 | critical | 9.8 | 9.8 | 9y ago | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code ex… | |||
| CVE-2017-1000232 | critical | 9.8 | 9.8 | 9y ago | A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. | |||
| CVE-2017-1000231 | critical | 9.8 | 9.8 | 9y ago | A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. | |||
| CVE-2017-1000228 | critical | 9.8 | 9.8 | 9y ago | nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function | |||
| CVE-2017-1000173 | critical | 9.8 | 9.8 | 9y ago | Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join… | |||
| CVE-2017-1000172 | critical | 9.8 | 9.8 | 9y ago | Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being us… | |||
| CVE-2017-1000197 | critical | 9.8 | 9.8 | 9y ago | October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server. | |||
| CVE-2017-1000196 | critical | 9.8 | 9.8 | 9y ago | October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | |||
| CVE-2017-1000194 | critical | 9.8 | 9.8 | 9y ago | October CMS File Upload Vulnerability | |||
| CVE-2017-1000220 | critical | 9.8 | 9.8 | 9y ago | PIDUsage Enables OS Command Injection | |||
| CVE-2017-1000210 | critical | 9.8 | 9.8 | 9y ago | picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack | |||
| CVE-2017-1000219 | critical | 9.8 | 9.8 | 9y ago | Command Execution in windows-cpu | |||
| CVE-2017-1000218 | critical | 9.8 | 9.8 | 9y ago | LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution. | |||
| CVE-2017-0847 | critical | 9.8 | 9.8 | 9y ago | An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999. | |||
| CVE-2017-16851 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | |||
| CVE-2017-16850 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | |||
| CVE-2017-16849 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | |||
| CVE-2017-16848 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | |||
| CVE-2017-16847 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | |||
| CVE-2017-16846 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | |||
| CVE-2017-16844 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code… | |||
| CVE-2017-12337 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthoriz… | |||
| CVE-2017-1000248 | critical | 9.8 | 9.8 | 9y ago | Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis | |||
| CVE-2017-5533 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with… | |||
| CVE-2017-12634 | critical | 9.8 | 9.8 | 9y ago | Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation | |||
| CVE-2017-12633 | critical | 9.8 | 9.8 | 9y ago | Apache Camel camel-hessian component vulnerable to Java object deserialization | |||
| CVE-2017-8809 | critical | 9.8 | 9.8 | 9y ago | api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | |||
| CVE-2017-7851 | high | 8.8 | 9.8 | 9y ago | D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | |||
| CVE-2017-12739 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected … | |||
| CVE-2017-16820 | critical | 9.8 | 9.8 | 9y ago | The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other imp… | |||
| CVE-2017-6274 | critical | 9.8 | 9.8 | 9y ago | An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated … | |||
| CVE-2017-1710 | critical | 9.8 | 9.8 | 9y ago | A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. | |||
| CVE-2017-1221 | critical | 9.8 | 9.8 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force … | |||
| CVE-2017-14024 | critical | 9.8 | 9.8 | 9y ago | A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The … | |||
| CVE-2017-0907 | critical | 9.8 | 9.8 | 9y ago | Critical severity vulnerability that affects recurly-api-client | |||
| CVE-2017-10871 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. | |||
| CVE-2017-13846 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial o… | |||
| CVE-2017-13832 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0… | |||
| CVE-2017-13815 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial o… | |||
| CVE-2017-13802 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13798 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13797 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13796 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13795 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13794 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13792 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13791 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13785 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13784 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-13783 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected… | |||
| CVE-2017-16764 | critical | 9.8 | 9.8 | 9y ago | An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulti… | |||
| CVE-2017-16763 | critical | 9.8 | 9.8 | 9y ago | An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load fun… | |||
| CVE-2017-16521 | critical | 9.8 | 9.8 | 9y ago | In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | |||
| CVE-2017-16634 | critical | 9.8 | 9.8 | 9y ago | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | |||
| CVE-2017-12969 | high | 8.8 | 9.8 | 9y ago | Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or exe… | |||
| CVE-2017-0909 | critical | 9.8 | 9.8 | 9y ago | private_address_check contains Incomplete List of Disallowed Inputs | |||
| CVE-2017-0905 | critical | 9.8 | 9.8 | 9y ago | Recurly gem Server-Side Request Forgery in Resource#find method | |||
| CVE-2017-16618 | critical | 9.8 | 9.8 | 9y ago | An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python c… | |||
| CVE-2017-16616 | critical | 9.8 | 9.8 | 9y ago | An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting… | |||
| CVE-2017-16615 | critical | 9.8 | 9.8 | 9y ago | An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser… | |||
| CVE-2017-16561 | critical | 9.8 | 9.8 | 9y ago | /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | |||
| CVE-2017-2922 | critical | 9.8 | 9.8 | 9y ago | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while l… | |||
| CVE-2017-2921 | critical | 9.8 | 9.8 | 9y ago | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to … | |||
| CVE-2017-2894 | critical | 9.8 | 9.8 | 9y ago | An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow… | |||
| CVE-2017-2892 | critical | 9.8 | 9.8 | 9y ago | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory… | |||
| CVE-2017-2891 | critical | 9.8 | 9.8 | 9y ago | An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed poi… | |||
| CVE-2017-2864 | critical | 9.8 | 9.8 | 9y ago | An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be retur… | |||
| CVE-2017-12085 | critical | 9.8 | 9.8 | 9y ago | An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An atta… | |||
| CVE-2017-15887 | critical | 9.8 | 9.8 | 9y ago | An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-f… | |||
| CVE-2017-16638 | critical | 9.8 | 9.8 | 9y ago | The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by … | |||
| CVE-2017-16570 | high | 8.8 | 9.8 | 9y ago | Cross-Site Request Forgery (CSRF) in keystone | |||
| CVE-2017-16524 | high | 8.8 | 9.8 | 9y ago | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrar… | |||
| CVE-2017-16548 | critical | 9.8 | 9.8 | 9y ago | The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (… | |||
| CVE-2017-16542 | high | 8.8 | 9.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |||
| CVE-2017-1000171 | critical | 9.8 | 9.8 | 9y ago | Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. | |||
| CVE-2017-1000154 | critical | 9.8 | 9.8 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log… | |||
| CVE-2017-1000153 | critical | 9.8 | 9.8 | 9y ago | Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default… | |||
| CVE-2017-1000152 | critical | 9.8 | 9.8 | 9y ago | Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation… | |||
| CVE-2017-16523 | critical | 9.8 | 9.8 | 9y ago | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. | |||
| CVE-2017-11767 | critical | 9.8 | 9.8 | 9y ago | ChakraCore vulnerable to privilege escalation | |||
| CVE-2017-16510 | critical | 9.8 | 9.8 | 9y ago | WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "d… | |||
| CVE-2017-1000121 | critical | 9.8 | 9.8 | 9y ago | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subse… | |||
| CVE-2017-16352 | high | 8.8 | 9.8 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. … | |||
| CVE-2017-1000245 | critical | 9.8 | 9.8 | 9y ago | Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext | |||
| CVE-2017-14027 | critical | 9.8 | 9.8 | 9y ago | A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G versio… | |||
| CVE-2017-14021 | critical | 9.8 | 9.8 | 9y ago | A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G … | |||
| CVE-2017-16244 | high | 8.8 | 9.8 | 9y ago | October CMS CSRF | |||
| CVE-2017-14375 | critical | 9.8 | 9.8 | 9y ago | EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512,… | |||
| CVE-2017-14356 | critical | 9.8 | 9.8 | 9y ago | An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQ… | |||
| CVE-2017-7411 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value tha… | |||
| CVE-2017-16228 | critical | 9.8 | 9.8 | 9y ago | Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017… | |||
| CVE-2017-15999 | critical | 9.8 | 9.8 | 9y ago | In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with a… | |||
| CVE-2017-15994 | critical | 9.8 | 9.8 | 9y ago | rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has signi… | |||
| CVE-2017-15957 | high | 8.8 | 9.8 | 9y ago | my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | |||
| CVE-2017-15946 | critical | 9.8 | 9.8 | 9y ago | In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | |||
| CVE-2017-15366 | critical | 9.8 | 9.8 | 9y ago | Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client… | |||
| CVE-2017-15919 | critical | 9.8 | 9.8 | 9y ago | The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. |