Search Results (361837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17237 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 8.8 High |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | ||||
| CVE-2019-17236 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 6.1 Medium |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | ||||
| CVE-2019-17235 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 5.3 Medium |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | ||||
| CVE-2019-17234 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 7.5 High |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | ||||
| CVE-2019-17233 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 6.1 Medium |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | ||||
| CVE-2019-17232 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 7.5 High |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | ||||
| CVE-2019-17231 | 1 Mageewp | 1 Onetone | 2024-11-21 | 6.1 Medium |
| includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. | ||||
| CVE-2019-17230 | 1 Mageewp | 1 Onetone | 2024-11-21 | 5.3 Medium |
| includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. | ||||
| CVE-2019-17229 | 1 Stylemixthemes | 1 Motors - Car Dealer, Classifieds & Listing | 2024-11-21 | 6.1 Medium |
| includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | ||||
| CVE-2019-17228 | 1 Stylemixthemes | 1 Motors - Car Dealer, Classifieds & Listing | 2024-11-21 | 6.5 Medium |
| includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes. | ||||
| CVE-2019-17226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.8 Medium |
| CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | ||||
| CVE-2019-17225 | 1 Intelliants | 1 Subrion | 2024-11-21 | 5.4 Medium |
| Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. | ||||
| CVE-2019-17224 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2024-11-21 | 5.3 Medium |
| The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. | ||||
| CVE-2019-17223 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 6.1 Medium |
| There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | ||||
| CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 6.1 Medium |
| An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | ||||
| CVE-2019-17221 | 1 Phantomjs | 1 Phantomjs | 2024-11-21 | 7.5 High |
| PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed. | ||||
| CVE-2019-17220 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 6.1 Medium |
| Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | ||||
| CVE-2019-17219 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control. | ||||
| CVE-2019-17218 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2024-11-21 | 9.1 Critical |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service. | ||||
| CVE-2019-17217 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service. | ||||