CNA 2015

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

NREL api-umbrella-web: 2
Dovgalyuk AIBattle: 2
OpenDNS OpenResolve: 2
82Flex WEIPDCRM: 2
Thimo Grauerholz WP-Spreadplugin: 1

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 128
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 0

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 1
Functional: 0
Proof-of-Concept: 5
Unproven: 0
Not Defined: 122

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 2
Adjacent: 57
Network: 69

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 3
Low: 111
None: 14

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 49
None: 79

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 5
≤4: 42
≤5: 16
≤6: 48
≤7: 15
≤8: 2
≤9: 0
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 9
<2k: 118
<5k: 1
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

| ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA |
|---|---|---|---|---|---|---|---|---|---|
| 261676 | Thimo Grauerholz WP-Spreadplugin spreadplugin.php cross site scripting | VulDB | VulDB | | 04/20/2024 | 04/20/2024 | CVE-2015-10132 | | accepted |
| 258620 | chrisy TFO Graphviz Plugin tfo-graphviz-admin.php admin_page cross site scripting | VulDB | VulDB | | 03/29/2024 | 03/29/2024 | CVE-2015-10131 | | accepted |
| 252716 | planet-freo auth.inc.php comparison | VulDB | VulDB | | 02/02/2024 | 02/25/2024 | CVE-2015-10129 | | accepted |
| 249422 | rt-prettyphoto Plugin rt-prettyphoto.php royal_prettyphoto_plugin_links cross site scripting | VulDB | VulDB | | 12/31/2023 | 01/22/2024 | CVE-2015-10128 | | accepted |
| 248954 | PlusCaptcha Plugin cross site scripting | VulDB | VulDB | | 12/24/2023 | 01/18/2024 | CVE-2015-10127 | | accepted |
| 241318 | Easy2Map Photos Plugin sql injection | VulDB | VulDB | | 10/04/2023 | 10/25/2023 | CVE-2015-10126 | | accepted |
| 241317 | WP Ultimate CSV Importer Plugin cross-site request forgery | VulDB | VulDB | | 10/04/2023 | 10/25/2023 | CVE-2015-10125 | | accepted |
| 241026 | Most Popular Posts Widget Plugin functions.php show_views sql injection | VulDB | VulDB | | 10/01/2023 | 10/23/2023 | CVE-2015-10124 | | accepted |
| 234249 | wp-donate Plugin donate-display.php sql injection | VulDB | VulDB | | 07/16/2023 | 08/06/2023 | CVE-2015-10122 | | accepted |
| 233365 | Beeliked Microsite Plugin beelikedmicrosite.php embed_handler cross site scripting | VulDB | VulDB | | 07/08/2023 | 07/26/2023 | CVE-2015-10121 | | accepted |
| 233364 | WDS Multisite Aggregate Plugin WDS_Multisite_Aggregate_Options.php update_options cross site scripting | VulDB | VulDB | | 07/08/2023 | 07/25/2023 | CVE-2015-10120 | | accepted |
| 233363 | View All Posts Page Plugin view-all-posts-pages.php action_admin_notices_activation cross site scripting | VulDB | VulDB | | 07/08/2023 | 07/25/2023 | CVE-2015-10119 | | accepted |
| 231202 | cchetanonline WP-CopyProtect wp-copyprotect.php CopyProtect_options_page cross site scripting | VulDB | VulDB | | 06/10/2023 | 07/08/2023 | CVE-2015-10118 | | accepted |
| 230664 | Gravity Forms DPS PxPay Plugin cross site scripting | VulDB | VulDB | | 06/03/2023 | 06/30/2023 | CVE-2015-10117 | | accepted |
| 230661 | RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery | VulDB | VulDB | | 06/03/2023 | 06/30/2023 | CVE-2015-10116 | | accepted |
| 230655 | WooSidebars Sidebar Manager Converter Plugin class-woosidebars-sbm-converter.php process_request redirect | VulDB | VulDB | | 06/03/2023 | 06/30/2023 | CVE-2015-10115 | | accepted |
| 230654 | WooSidebars Plugin class-woo-sidebars.php enable_custom_post_sidebars redirect | VulDB | VulDB | | 06/03/2023 | 06/30/2023 | CVE-2015-10114 | | accepted |
| 230653 | WooFramework Tweaks Plugin wooframework-tweaks.php admin_screen_logic redirect | VulDB | VulDB | | 06/03/2023 | 06/29/2023 | CVE-2015-10113 | | accepted |
| 230652 | WooFramework Branding Plugin wooframework-branding.php admin_screen_logic redirect | VulDB | VulDB | | 06/03/2023 | 06/29/2023 | CVE-2015-10112 | | accepted |
| 230651 | Watu Quiz Plugin Exam exam.php watu_exams sql injection | VulDB | VulDB | | 06/03/2023 | 06/29/2023 | CVE-2015-10111 | | accepted |
| 230392 | ruddernation TinyChat Room Spy Plugin room-spy.php wp_show_room_spy cross site scripting | VulDB | VulDB | | 05/31/2023 | 06/25/2023 | CVE-2015-10110 | | accepted |
| 230264 | Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery | VulDB | VulDB | | 05/30/2023 | 06/24/2023 | CVE-2015-10109 | | accepted |
| 230234 | meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery | VulDB | VulDB | | 05/30/2023 | 06/24/2023 | CVE-2015-10108 | | accepted |
| 230153 | Simplr Registration Form Plus+ Plugin cross site scripting | VulDB | VulDB | | 05/29/2023 | 06/21/2023 | CVE-2015-10107 | | accepted |
| 230086 | mback2k mh_httpbl Extension index.php moduleContent sql injection | VulDB | VulDB | | 05/27/2023 | 06/21/2023 | CVE-2015-10106 | | accepted |
| 227757 | IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal | VulDB | VulDB | | 04/29/2023 | 05/24/2023 | CVE-2015-10105 | | accepted |
| 227756 | Icons for Features Plugin class-icons-for-features-admin.php redirect | VulDB | VulDB | | 04/29/2023 | 05/24/2023 | CVE-2015-10104 | | accepted |
| 226119 | InternalError503 Forget It settings.js infinite loop | VulDB | VulDB | | 04/15/2023 | 05/05/2023 | CVE-2015-10103 | | accepted |
| 226118 | Freshdesk Plugin redirect | VulDB | VulDB | | 04/15/2023 | 05/05/2023 | CVE-2015-10102 | | accepted |
| 226117 | Google Analytics Top Content Widget Plugin class-tgm-plugin-activation.php cross site scripting | VulDB | VulDB | | 04/15/2023 | 05/05/2023 | CVE-2015-10101 | | accepted |
| 225353 | Dynamic Widgets Plugin dynwid_class.php sql injection | VulDB | VulDB | | 04/08/2023 | 04/26/2023 | CVE-2015-10100 | | accepted |
| 225351 | CP Appointment Calendar Plugin dex_appointments.php dex_process_ready_to_go_appointment sql injection | VulDB | VulDB | | 04/08/2023 | 04/26/2023 | CVE-2015-10099 | | accepted |
| 225152 | Broken Link Checker Plugin ui_get_action_links cross site scripting | VulDB | VulDB | | 04/06/2023 | 04/23/2023 | CVE-2015-10098 | | accepted |
| 223801 | grinnellplans-php read.php interface_disp_page sql injection | VulDB | VulDB | | 03/24/2023 | 04/14/2023 | CVE-2015-10097 | | accepted |
| 223383 | Zarthus IRC Twitter Announcer Bot twitter_announcer.rb get_tweets command injection | VulDB | VulDB | | 03/18/2023 | 04/11/2023 | CVE-2015-10096 | | accepted |
| 222327 | woo-popup Plugin class-woo-popup-admin.php cross site scripting | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2015-10095 | | accepted |
| 222326 | Fastly Plugin api.php post cross site scripting | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2015-10094 | | accepted |
| 222325 | Mark User as Spammer Plugin plugin.php user_row_actions cross site scripting | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2015-10093 | | accepted |
| 222324 | Qtranslate Slug Plugin class-qtranslate-slug.php add_slug_meta_box cross site scripting | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2015-10092 | | accepted |
| 222322 | ByWater Solutions bywater-koha-xslt systempreferences.pl StringSearch sql injection | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2015-10091 | | accepted |
| 222320 | Landing Pages Plugin cross site scripting | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2015-10090 | | accepted |
| 222291 | flame.js cross site scripting | VulDB | VulDB | | 03/03/2023 | 03/31/2023 | CVE-2015-10089 | | accepted |
| 222267 | ayttm proxy.c http_connect format string | VulDB | VulDB | | 03/03/2023 | 03/31/2023 | CVE-2015-10088 | | accepted |
| 221809 | UpThemes Theme DesignFolio Plus unrestricted upload | VulDB | VulDB | | 02/26/2023 | 03/25/2023 | CVE-2015-10087 | | accepted |
| 221808 | OpenCycleCompass server-php login.php sql injection | VulDB | VulDB | | 02/26/2023 | 03/25/2023 | CVE-2015-10086 | | accepted |
| 221506 | GoPistolet MTA denial of service | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2015-10085 | | accepted |
| 221504 | irontec klear-library BaseController.php _prepareWhere sql injection | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2015-10084 | | accepted |
| 221503 | harrystech Dynosaur-Rails application_controller.rb basic_auth improper authentication | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2015-10083 | | accepted |
| 221499 | UIKit0 libplist XML xplist.c plist_from_xml xml external entity reference | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2015-10082 | | accepted |
| 221495 | arnoldle submitByMailPlugin edit_list.php cross-site request forgery | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2015-10081 | | accepted |
| 221487 | NREL api-umbrella-web Admin Data Table cross site scripting | VulDB | VulDB | | 02/18/2023 | 03/23/2023 | CVE-2015-10080 | | accepted |
| 220751 | juju2143 WalrusIRC parser.js parseLinks cross site scripting | VulDB | VulDB | | 02/12/2023 | 03/10/2023 | CVE-2015-10079 | | accepted |
| 220637 | atwellpub Resend Welcome Email Plugin resend-welcome-email.php send_welcome_email_url cross site scripting | VulDB | VulDB | | 02/11/2023 | 03/10/2023 | CVE-2015-10078 | | accepted |
| 220471 | webbuilders-group silverstripe-kapost-bridge KapostService.php getPreview sql injection | VulDB | VulDB | | 02/09/2023 | 03/09/2023 | CVE-2015-10077 | | accepted |
| 220453 | dimtion Shaarlier Tag TagsSource.java createTag sql injection | VulDB | VulDB | | 02/08/2023 | 03/09/2023 | CVE-2015-10076 | | accepted |
| 220219 | Custom-Content-Width custom-content-width.php register_settings cross site scripting | VulDB | VulDB | | 02/06/2023 | 03/05/2023 | CVE-2015-10075 | | accepted |
| 220218 | OpenSeaMap online_chart index.php init cross site scripting | VulDB | VulDB | | 02/06/2023 | 03/05/2023 | CVE-2015-10074 | | accepted |
| 220215 | tinymighty WikiSEO Meta Property Tag WikiSEO.body.php modifyHTML cross site scripting | VulDB | VulDB | | 02/05/2023 | 03/05/2023 | CVE-2015-10073 | | accepted |
| 220060 | NREL api-umbrella-web Flash Message cross site scripting | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2015-10072 | | accepted |
| 218951 | gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery | VulDB | VulDB | | 01/18/2023 | 02/15/2023 | CVE-2015-10071 | | accepted |
| 218897 | copperwall Twiddit index.php sql injection | VulDB | VulDB | | 01/18/2023 | 02/15/2023 | CVE-2015-10070 | | accepted |
| 218896 | viakondratiuk cash-machine machine.py update_failed_attempts sql injection | VulDB | VulDB | | 01/18/2023 | 02/15/2023 | CVE-2015-10069 | | accepted |
| 218476 | danynab movify-j ReviewServiceImpl.java getByMovieId sql injection | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2015-10068 | | accepted |
| 218463 | oznetmaster SSharpSmartThreadPool SmartThreadPool.cs race condition | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2015-10067 | | accepted |
| 218462 | tynx wuersch Store.class.php getByCustomQuery sql injection | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2015-10066 | | accepted |
| 218458 | AenBleidd FiND my_validator.cpp init_result buffer overflow | VulDB | VulDB | | 01/16/2023 | 02/09/2023 | CVE-2015-10065 | | accepted |
| 218455 | VictorFerraresi pokemon-database-php sql injection | VulDB | VulDB | | 01/16/2023 | 02/09/2023 | CVE-2015-10064 | | accepted |
| 218453 | saemorris TheRadSystem _login.php redirect sql injection | VulDB | VulDB | | 01/16/2023 | 02/09/2023 | CVE-2015-10063 | | accepted |
| 218451 | galaxy-data-resource Command Line Template injection | VulDB | VulDB | | 01/16/2023 | 02/09/2023 | CVE-2015-10062 | | accepted |
| 218427 | evandro-machado Trabalho-Web2 ClienteDAO.java sql injection | VulDB | VulDB | | 01/16/2023 | 02/08/2023 | CVE-2015-10061 | | accepted |
| 218417 | MNBikeways database views.py sql injection | VulDB | VulDB | | 01/16/2023 | 02/08/2023 | CVE-2015-10060 | | accepted |
| 218416 | s134328 Webapplication-Veganguide apiService.js cross site scripting | VulDB | VulDB | | 01/16/2023 | 02/08/2023 | CVE-2015-10059 | | accepted |
| 218415 | Wikisource Category Browser index.php cross site scripting | VulDB | VulDB | | 01/16/2023 | 02/08/2023 | CVE-2015-10058 | | accepted |
| 218401 | Little Apps Little Software Stats Password Reset class.securelogin.php access control | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2015-10057 | | accepted |
| 218400 | 2071174A vinylmap views.py contact sql injection | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2015-10056 | | accepted |
| 218399 | PictureThisWebServer user.js router.post sql injection | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2015-10055 | | accepted |
| 218397 | githuis P2Manage Database.cs Execute sql injection | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2015-10054 | | accepted |
| 218394 | prodigasistemas curupira passwords_controller.rb sql injection | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2015-10053 | | accepted |
| 218380 | ssn2013 cis450Project AddAppUser.java addUser sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10020 | | accepted |
| 218379 | calesanz gibb-modul-151 login redirect | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10052 | | accepted |
| 218378 | bony2023 Discussion-Board main.php display_all_replies sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10051 | | accepted |
| 218374 | brandonfire miRNA_Database_by_PHP_MySql model.php count_rna sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10050 | | accepted |
| 218372 | Overdrive Eletrônica course-builder oeditor.html cross site scripting | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10049 | | accepted |
| 218357 | bmattoso desafio_buzz_woody sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10048 | | accepted |
| 218355 | KYUUBl school-register DBManager.java sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10047 | | accepted |
| 218353 | lolfeedback sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10046 | | accepted |
| 218352 | tutrantta project_todolist Database.php update sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10045 | | accepted |
| 218350 | gophergala sqldump sql injection | VulDB | VulDB | | 01/14/2023 | 02/07/2023 | CVE-2015-10044 | | accepted |
| 218307 | abreen Apollo path traversal | VulDB | VulDB | | 01/13/2023 | 02/07/2023 | CVE-2015-10043 | | accepted |
| 218305 | Dovgalyuk AIBattle procedures.php registerUser sql injection | VulDB | VulDB | | 01/13/2023 | 02/07/2023 | CVE-2015-10042 | | accepted |
| 218304 | Dovgalyuk AIBattle procedures.php sendComments sql injection | VulDB | VulDB | | 01/13/2023 | 02/07/2023 | CVE-2015-10041 | | accepted |
| 218302 | gitlearn Escape Sequence config.sh getOutOf injection | VulDB | VulDB | | 01/13/2023 | 02/07/2023 | CVE-2015-10040 | | accepted |
| 218024 | dobos domino EntityFactory.cs sql injection | VulDB | VulDB | | 01/11/2023 | 02/04/2023 | CVE-2015-10039 | | accepted |
| 218023 | nym3r0s pplv2 sql injection | VulDB | VulDB | | 01/11/2023 | 02/04/2023 | CVE-2015-10038 | | accepted |
| 217965 | ACI_Escola sql injection | VulDB | VulDB | | 01/11/2023 | 02/01/2023 | CVE-2015-10037 | | accepted |
| 217951 | kylebebak dronfelipe sql injection | VulDB | VulDB | | 01/11/2023 | 02/01/2023 | CVE-2015-10036 | | accepted |
| 217715 | gperson angular-test-reporter data-server.js addTest sql injection | VulDB | VulDB | | 01/09/2023 | 01/30/2023 | CVE-2015-10035 | | accepted |
| 217714 | j-nowak workout-organizer sql injection | VulDB | VulDB | | 01/09/2023 | 01/30/2023 | CVE-2015-10034 | | accepted |
| 217713 | jvvlee MerlinsBoard Grade improper authorization | VulDB | VulDB | | 01/09/2023 | 01/30/2023 | CVE-2015-10033 | | accepted |
| 217663 | HealthMateWeb createaccount.php cross site scripting | VulDB | VulDB | | 01/09/2023 | 01/30/2023 | CVE-2015-10032 | | accepted |

28 more entries are not shown
