Export limit exceeded: 367078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367078 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9582 | 1 Eq-3 | 2 Homematic Ccu2, Homematic Ccu2 Firmware | 2024-11-21 | N/A |
| eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. | ||||
| CVE-2019-9581 | 1 Twinkletoessoftware | 1 Booked | 2024-11-21 | 8.8 High |
| phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. | ||||
| CVE-2019-9580 | 1 Stackstorm | 1 Stackstorm | 2024-11-21 | N/A |
| In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS. | ||||
| CVE-2019-9578 | 1 Yubico | 1 Libu2f-host | 2024-11-21 | N/A |
| In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device. | ||||
| CVE-2019-9576 | 1 Adenion | 1 Blog2social | 2024-11-21 | N/A |
| The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. | ||||
| CVE-2019-9575 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | N/A |
| The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. | ||||
| CVE-2019-9574 | 1 Mishubd | 1 Wp Human Resource Management | 2024-11-21 | N/A |
| The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. | ||||
| CVE-2019-9573 | 1 Mishubd | 1 Wp Human Resource Management | 2024-11-21 | N/A |
| The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. | ||||
| CVE-2019-9572 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | N/A |
| SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of arbitrary PHP code in Public\Home\1_Static.php because of mishandling in the Application\Admin\Controller\ThemeController.class.php Upload() function. | ||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. | ||||
| CVE-2019-9569 | 1 Deltacontrols | 2 Entelibus, Entelibus Firmware | 2024-11-21 | N/A |
| Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. | ||||
| CVE-2019-9568 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.5 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | ||||
| CVE-2019-9567 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.1 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | ||||
| CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2024-11-21 | N/A |
| FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | ||||
| CVE-2019-9565 | 1 Druide | 1 Antidote | 2024-11-21 | N/A |
| Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name. | ||||
| CVE-2019-9564 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2024-11-21 | 7.5 High |
| A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | ||||
| CVE-2019-9563 | 1 Bluemind | 1 Bluemind | 2024-11-21 | N/A |
| In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads. | ||||
| CVE-2019-9558 | 1 Mailtraq | 1 Webmail | 2024-11-21 | N/A |
| Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9557 | 1 Codecrafters | 1 Ability Mail Server | 2024-11-21 | N/A |
| Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9556 | 1 Fiberhomegroup | 2 An5506-04-f, An5506-04-f Firmware | 2024-11-21 | 5.4 Medium |
| FiberHome an5506-04-f RP2669 devices have XSS. | ||||