2015 CVE Vulnerabilities
8,779 CVEs published in 2015.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2015-0270 | CRITICAL | 9.8 | 1.1% | Oct 25, 2019 | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. |
| CVE-2015-9499 | CRITICAL | 9.8 | 14.8% | Oct 22, 2019 | The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. |
| CVE-2015-9479 | CRITICAL | 9.8 | 2.8% | Oct 10, 2019 | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request ... |
| CVE-2015-9471 | CRITICAL | 9.8 | 4.0% | Oct 10, 2019 | The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. |
| CVE-2015-9467 | CRITICAL | 9.8 | 2.4% | Oct 10, 2019 | The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parame... |
| CVE-2015-9466 | CRITICAL | 9.8 | 2.4% | Oct 10, 2019 | The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTT... |
| CVE-2015-9452 | CRITICAL | 9.8 | 2.4% | Oct 7, 2019 | The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?pag... |
| CVE-2015-9451 | CRITICAL | 9.8 | 2.4% | Oct 7, 2019 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.p... |
| CVE-2015-9450 | CRITICAL | 9.8 | 2.2% | Oct 7, 2019 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.p... |
| CVE-2015-9435 | CRITICAL | 9.8 | 2.1% | Sep 26, 2019 | The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. |
| CVE-2015-9333 | CRITICAL | 9.8 | 1.8% | Aug 22, 2019 | The cforms2 plugin before 14.6.10 for WordPress has SQL injection. |
| CVE-2015-9324 | CRITICAL | 9.8 | 2.0% | Aug 16, 2019 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. |
| CVE-2015-9323 | CRITICAL | 9.8 | 46.1% | Aug 16, 2019 | The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. |
| CVE-2015-9298 | CRITICAL | 9.8 | 2.1% | Aug 13, 2019 | The events-manager plugin before 5.6 for WordPress has code injection. |
| CVE-2015-9280 | CRITICAL | 10 | 1.8% | Jan 16, 2019 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
| CVE-2015-9244 | CRITICAL | 9.8 | 2.4% | May 29, 2018 | Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to... |
| CVE-2015-5172 | CRITICAL | 9.8 | 1.2% | Oct 24, 2017 | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.... |
| CVE-2015-5171 | CRITICAL | 9.8 | 1.2% | Oct 24, 2017 | The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Fo... |
| CVE-2015-1187 | CRITICAL | 9.8 | 82.9% | Sep 21, 2017 | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr... |
| CVE-2015-5224 | CRITICAL | 9.8 | 4.5% | Aug 23, 2017 | The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name coll... |
| CVE-2015-2857 | CRITICAL | 9.8 | 84.2% | Aug 22, 2017 | Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach... |
| CVE-2015-2310 | CRITICAL | 9.1 | 1.8% | Aug 9, 2017 | Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to c... |
| CVE-2015-7871 | CRITICAL | 9.8 | 81.8% | Aug 7, 2017 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authen... |
| CVE-2015-7853 | CRITICAL | 9.8 | 11.8% | Aug 7, 2017 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attacker... |
| CVE-2015-7705 | CRITICAL | 9.8 | 12.4% | Aug 7, 2017 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified ... |