High · CVSS 7.5
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Published Sep 1, 2016 · Updated May 29, 2026
Medium · CVSS 5.3
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
Published Sep 15, 2021 · Updated May 29, 2026
High · CVSS 7.5 · CISA KEV
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
Published Sep 19, 2016 · Updated Jan 12, 2026
Unknown · CVSS Not scored
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
Published Sep 16, 2016 · Updated Nov 14, 2025
Medium · CVSS 6.5 · CISA KEV
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Published Sep 14, 2016 · Updated Oct 21, 2025
High · CVSS 7.5
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
Published Sep 20, 2022 · Updated May 29, 2025
Unknown · CVSS Not scored
Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.
Published Sep 30, 2016 · Updated Oct 10, 2024
Unknown · CVSS Not scored
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
Published Sep 13, 2017 · Updated Sep 17, 2024
High · CVSS 8.8
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability.
Published Sep 7, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.
Published Sep 29, 2017 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
Published Sep 20, 2017 · Updated Sep 17, 2024
High · CVSS 8.8
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.
Published Sep 17, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.
Published Sep 6, 2016 · Updated Sep 16, 2024
High · CVSS 7.4
Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system.
Published Sep 10, 2018 · Updated Sep 16, 2024
Medium · CVSS 6.2
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.
Published Sep 7, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Published Sep 20, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability.
Published Sep 13, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations.
Published Sep 6, 2016 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Published Sep 5, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
Published Sep 11, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode.
Published Sep 6, 2016 · Updated Sep 16, 2024
Unknown · CVSS Not scored
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
Published Sep 5, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
Published Sep 5, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Published Sep 24, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.
Published Sep 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.
Published Sep 17, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.
Published Sep 17, 2019 · Updated Aug 6, 2024