Export limit exceeded: 366739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366739 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9926 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 8.8 High |
| An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. | ||||
| CVE-2019-9925 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | ||||
| CVE-2019-9924 | 6 Canonical, Debian, Gnu and 3 more | 12 Ubuntu Linux, Debian Linux, Bash and 9 more | 2024-11-21 | 7.8 High |
| rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | ||||
| CVE-2019-9922 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 7.5 High |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. | ||||
| CVE-2019-9921 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | ||||
| CVE-2019-9920 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 8.8 High |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. | ||||
| CVE-2019-9919 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | ||||
| CVE-2019-9918 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | ||||
| CVE-2019-9917 | 3 Canonical, Fedoraproject, Znc | 3 Ubuntu Linux, Fedora, Znc | 2024-11-21 | N/A |
| ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. | ||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2024-11-21 | N/A |
| GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | ||||
| CVE-2019-9914 | 1 Yop-poll | 1 Yop-poll | 2024-11-21 | N/A |
| The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | ||||
| CVE-2019-9913 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | ||||
| CVE-2019-9912 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 6.1 Medium |
| The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. | ||||
| CVE-2019-9911 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | 6.1 Medium |
| The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | ||||
| CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | N/A |
| The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | ||||
| CVE-2019-9909 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A |
| The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | ||||
| CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2024-11-21 | N/A |
| The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | ||||
| CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2024-11-21 | 6.5 Medium |
| An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | ||||
| CVE-2019-9903 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.5 Medium |
| PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | ||||
| CVE-2019-9901 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | N/A |
| Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy. | ||||