| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2016-15001 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2016-15002 | MONyog Ultimate Cookie privileges management | E | |
| CVE-2016-15003 | FileZilla Client Installer uninstall.exe unquoted search path | E | |
| CVE-2016-15004 | InfiniteWP Client Plugin injection | E | |
| CVE-2016-15005 | Cryptographically weak random number generation in github.com/dinever/golf | S | |
| CVE-2016-15006 | enigmaX Scrambling Table main.c getSeed prng seed | S | |
| CVE-2016-15007 | Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection | S | |
| CVE-2016-15008 | oxguy3 coebot-www channel.js showChannelBoir cross site scripting | S | |
| CVE-2016-15009 | OpenACS bug-tracker Search nav-bar.adp cross-site request forgery | S | |
| CVE-2016-15010 | University of Cambridge django-ucamlookup Lookup cross site scripting | S | |
| CVE-2016-15011 | e-Contract dssp SignResponseVerifier.java checkSignResponse xml external entity reference | S | |
| CVE-2016-15012 | forcedotcom SalesforceMobileSDK-Windows QuerySpec.cs ComputeCountSql sql injection | S | |
| CVE-2016-15013 | ForumHulp searchresults listener.php list_keywords sql injection | S | |
| CVE-2016-15014 | CESNET theme-cesnet resetpassword.php insufficiently protected credentials | S | |
| CVE-2016-15015 | viafintech Barzahlen Payment Module PHP SDK Webhook.php verify timing discrepancy | S | |
| CVE-2016-15016 | mrtnmtth joomla_mod_einsatz_stats helper.php getStatsByType sql injection | S | |
| CVE-2016-15017 | fabarea media_upload UploadFileService.php getUploadedFileList pathname traversal | S | |
| CVE-2016-15018 | krail-jpa sql injection | E S | |
| CVE-2016-15019 | tombh jekbox server.rb exposure of information through directory listing | S | |
| CVE-2016-15020 | liftkit database Query.php processOrderBy sql injection | S | |
| CVE-2016-15021 | nickzren alsdb sql injection | S | |
| CVE-2016-15022 | mosbth cimage check_system.php cross site scripting | S | |
| CVE-2016-15023 | SiteFusion Application Server Extension getextension.php path traversal | S | |
| CVE-2016-15024 | doomsider shadow denial of service | S | |
| CVE-2016-15025 | generator-hottowel 404 Error _app.js cross site scripting | S | |
| CVE-2016-15026 | 3breadt dd-plist xml external entity reference | S | |
| CVE-2016-15027 | meta4creations Post Duplicator Plugin notices.php mtphr_post_duplicator_notice cross site scripting | S | |
| CVE-2016-15028 | ICEPAY REST-API-NET Checksum Validation RestClient.cs RestClient integrity check | S | |
| CVE-2016-15029 | Ydalb mapicoin stats.php cross site scripting | S | |
| CVE-2016-15030 | Arno0x TwoFactorAuth login.php redirect | S | |
| CVE-2016-15031 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection | S | |
| CVE-2016-15032 | mback2k mh_httpbl Extension class.tx_mhhttpbl.php stopOutput cross site scripting | S | |
| CVE-2016-15033 | The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing ... | E | |
| CVE-2016-15034 | Dynacase Webdesk freedomrss_search.php freedomrss_search sql injection | S | |
| CVE-2016-15035 | Doc2k RE-Chat re_chat.js cross site scripting | S | |
| CVE-2016-15036 | Deis Workflow Manager race condition | S | |
| CVE-2016-15037 | go4rayyan Scumblr Task cross site scripting | S | |
| CVE-2016-15038 | NUUO NVRmini 2 deletefile.php path traversal | E | |
| CVE-2016-15039 | mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling | S | |
| CVE-2016-15040 | Kento Post View Counter <= 2.8 - SQL Injection | | |
| CVE-2016-15041 | MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting | | |
| CVE-2016-15042 | Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload | E |