CWE-264
5486 CVEs classified under CWE-264. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-8363 | Critical | 10.0 | 2017-02-13 | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2… |
CVE-2016-7457 | Critical | 10.0 | 2016-12-29 | VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecif… |
CVE-2015-7425 | Critical | 10.0 | 2016-02-21 | The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protec… |
CVE-2015-8267 | Critical | 10.0 | 2015-12-24 | The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote… |
CVE-2015-7919 | Critical | 10.0 | 2015-12-21 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecifie… |
CVE-2017-12251 | Critical | 9.9 | 2017-10-19 | A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with t… |
CVE-2016-6903 | Critical | 9.9 | 2017-04-24 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. |
CVE-2016-6902 | Critical | 9.9 | 2017-04-24 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. |
CVE-2016-9269 | Critical | 9.9 | 2017-02-21 | Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linu… |
CVE-2015-7411 | Critical | 9.9 | 2016-03-12 | The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileg… |
CVE-2022-36246 | Critical | 9.8 | 2023-05-30 | Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. |
CVE-2022-34149 | Critical | 9.8 | 2022-08-22 | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. |
CVE-2022-34487 | Critical | 9.8 | 2022-07-21 | Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. |
CVE-2022-33198 | Critical | 9.8 | 2022-07-21 | Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. |
CVE-2021-36879 | Critical | 9.8 | 2021-09-27 | Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registrati… |
CVE-2020-3227 | Critical | 9.8 | 2020-06-03 | A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, rem… |
CVE-2019-10709 | Critical | 9.8 | 2019-09-04 | AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially priv… |
CVE-2016-10935 | Critical | 9.8 | 2019-08-27 | The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. |
CVE-2016-10923 | Critical | 9.8 | 2019-08-22 | The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. |
CVE-2016-10922 | Critical | 9.8 | 2019-08-22 | The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. |