Recent vulnerabilities and exploits

NA
CVE-2019-16972

In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS....

NA
CVE-2015-9500

The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js....

NA
CVE-2015-9499

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive....

NA
CVE-2015-9496

The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring....

NA
CVE-2015-9497

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php....

NA
CVE-2015-9498

The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value....

NA
CVE-2015-9495

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier....

NA
CVE-2015-9494

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier....

NA
CVE-2015-9493

The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues....

6.8
CVSSv2
CVE-2018-6156

Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file....

GoogleChrome