Skip to main content
CVE-2016-4825 MEDIUM This Month

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE WordPress PHP Welcart E Commerce
NVD
CVSS 3.1
5.6
EPSS
9.5%
CVE-2016-4525 MEDIUM This Month

Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
6.6
EPSS
0.2%
CVE-2016-4828 MEDIUM This Month

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Welcart E Commerce
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2016-1188 MEDIUM This Month

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-1190 MEDIUM This Month

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-4827 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2016-4826 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2016-4824 MEDIUM This Month

The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cg Wlr300Gnv Firmware Cg Wlr300Gnv W Firmware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-4528 MEDIUM This Month

Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Webaccess
NVD
CVSS 3.0
5.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy