Export limit exceeded: 366372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366372 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9573 | 1 Mishubd | 1 Wp Human Resource Management | 2024-11-21 | N/A |
| The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. | ||||
| CVE-2019-9572 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | N/A |
| SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of arbitrary PHP code in Public\Home\1_Static.php because of mishandling in the Application\Admin\Controller\ThemeController.class.php Upload() function. | ||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. | ||||
| CVE-2019-9569 | 1 Deltacontrols | 2 Entelibus, Entelibus Firmware | 2024-11-21 | N/A |
| Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. | ||||
| CVE-2019-9568 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.5 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | ||||
| CVE-2019-9567 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.1 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | ||||
| CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2024-11-21 | N/A |
| FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | ||||
| CVE-2019-9565 | 1 Druide | 1 Antidote | 2024-11-21 | N/A |
| Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name. | ||||
| CVE-2019-9564 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2024-11-21 | 7.5 High |
| A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | ||||
| CVE-2019-9563 | 1 Bluemind | 1 Bluemind | 2024-11-21 | N/A |
| In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads. | ||||
| CVE-2019-9558 | 1 Mailtraq | 1 Webmail | 2024-11-21 | N/A |
| Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9557 | 1 Codecrafters | 1 Ability Mail Server | 2024-11-21 | N/A |
| Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9556 | 1 Fiberhomegroup | 2 An5506-04-f, An5506-04-f Firmware | 2024-11-21 | 5.4 Medium |
| FiberHome an5506-04-f RP2669 devices have XSS. | ||||
| CVE-2019-9555 | 1 Sagemcom | 2 F\@st 5260, F\@st 5260 Firmware | 2024-11-21 | N/A |
| Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small. | ||||
| CVE-2019-9554 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. | ||||
| CVE-2019-9553 | 1 Boltcms | 1 Bolt | 2024-11-21 | 6.1 Medium |
| Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | ||||
| CVE-2019-9552 | 1 Eloan Project | 1 Eloan | 2024-11-21 | N/A |
| Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | ||||
| CVE-2019-9551 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | N/A |
| An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS. | ||||
| CVE-2019-9550 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | N/A |
| DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. | ||||
| CVE-2019-9549 | 1 Popojicms | 1 Popojicms | 2024-11-21 | N/A |
| An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935. | ||||