Vulnerabilities > Exposure of Resource to Wrong Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-20 | CVE-2019-15138 | Exposure of Resource to Wrong Sphere vulnerability in Html-Pdf Project Html-Pdf. The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | 7.5 |
2019-09-20 | CVE-2016-11010 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice. The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | 5.3 |
2019-09-20 | CVE-2016-11009 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice. The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | 5.3 |
2019-09-20 | CVE-2016-11008 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice. The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | 5.3 |
2019-09-20 | CVE-2016-11007 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice. The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | 5.3 |
2019-09-20 | CVE-2016-11006 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice. The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | 5.3 |
2019-08-01 | CVE-2018-20947 | Exposure of Resource to Wrong Sphere vulnerability in Cpanel. cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | 5.5 |
2019-08-01 | CVE-2016-10840 | Exposure of Resource to Wrong Sphere vulnerability in Cpanel. cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | 8.8 |
2019-07-31 | CVE-2019-10365 | Exposure of Resource to Wrong Sphere vulnerability in Google Kubernetes Engine. Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | 4.3 |
2019-07-23 | CVE-2019-11728 | Exposure of Resource to Wrong Sphere vulnerability in multiple products. The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. | 4.7 |