ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2016-11000 | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name... | E | |
CVE-2016-11001 | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content... | E | |
CVE-2016-11002 | The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.... | | |
CVE-2016-11003 | The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.... | | |
CVE-2016-11004 | The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.... | | |
CVE-2016-11005 | The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_... | E | |
CVE-2016-11006 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init setting... | E | |
CVE-2016-11007 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for i... | E | |
CVE-2016-11008 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer ... | E | |
CVE-2016-11009 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa pa... | E | |
CVE-2016-11010 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout p... | E | |
CVE-2016-11011 | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.... | E | |
CVE-2016-11012 | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin... | E | |
CVE-2016-11013 | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.... | S | |
CVE-2016-11014 | NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the au... | E | |
CVE-2016-11015 | NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_... | E | |
CVE-2016-11016 | NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.... | E | |
CVE-2016-11017 | The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticat... | E | |
CVE-2016-11018 | An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers... | E | |
CVE-2016-11020 | Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can le... | S | |
CVE-2016-11021 | setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via... | KEV E | |
CVE-2016-11022 | NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacke... | E | |
CVE-2016-11023 | odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently d... | | |
CVE-2016-11024 | odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently di... | | |
CVE-2016-11025 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipse... | | |
CVE-2016-11026 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. Boo... | | |
CVE-2016-11027 | An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a... | | |
CVE-2016-11028 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipse... | | |
CVE-2016-11029 | An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Atta... | | |
CVE-2016-11030 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sen... | | |
CVE-2016-11031 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. Ant... | | |
CVE-2016-11032 | An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all ... | | |
CVE-2016-11033 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer... | | |
CVE-2016-11034 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode fu... | | |
CVE-2016-11035 | An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipse... | | |
CVE-2016-11036 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Pro... | | |
CVE-2016-11037 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6604. Reason: This candidate... | R | |
CVE-2016-11038 | An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating th... | | |
CVE-2016-11039 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9... | | |
CVE-2016-11040 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS sup... | | |
CVE-2016-11041 | An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lo... | | |
CVE-2016-11042 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SI... | | |
CVE-2016-11043 | An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in... | | |
CVE-2016-11044 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint suppo... | | |
CVE-2016-11045 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allo... | | |
CVE-2016-11046 | An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. B... | | |
CVE-2016-11047 | An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) softw... | | |
CVE-2016-11048 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) s... | | |
CVE-2016-11049 | An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/3... | | |
CVE-2016-11050 | An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L)... | | |
CVE-2016-11051 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0569. Reason: This candidate... | R | |
CVE-2016-11052 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so i... | | |
CVE-2016-11053 | An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/R... | | |
CVE-2016-11054 | NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure ro... | | |
CVE-2016-11055 | Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 201... | | |
CVE-2016-11056 | Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.... | | |
CVE-2016-11057 | Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 be... | | |
CVE-2016-11058 | The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API... | | |
CVE-2016-11059 | Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6... | | |
CVE-2016-11060 | Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-... | | |
CVE-2016-11061 | Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970,... | | |
CVE-2016-11062 | An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypass... | | |
CVE-2016-11063 | An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.... | | |
CVE-2016-11064 | An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code vi... | | |
CVE-2016-11065 | An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket featu... | | |
CVE-2016-11066 | An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessar... | | |
CVE-2016-11067 | An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause... | | |
CVE-2016-11068 | An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via inje... | | |
CVE-2016-11069 | An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at pas... | | |
CVE-2016-11070 | An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values... | | |
CVE-2016-11071 | An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and ... | | |
CVE-2016-11072 | An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Sessio... | | |
CVE-2016-11073 | An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support sett... | | |
CVE-2016-11074 | An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.... | | |
CVE-2016-11075 | An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive i... | | |
CVE-2016-11076 | An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used ... | | |
CVE-2016-11077 | An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the Sys... | | |
CVE-2016-11078 | An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain... | | |
CVE-2016-11079 | An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.... | | |
CVE-2016-11080 | An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Adm... | | |
CVE-2016-11081 | An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to informatio... | | |
CVE-2016-11082 | An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.... | | |
CVE-2016-11083 | An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files... | | |
CVE-2016-11084 | An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.... | | |
CVE-2016-11085 | php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows C... | E | |
CVE-2016-11086 | lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 cert... | E | |