Search Results (361579 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16142 | 1 Renderdocs-rs Project | 1 Renderdocs-rs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. | ||||
| CVE-2019-16141 | 1 Once Cell Project | 1 Once Cell | 2024-11-21 | 7.5 High |
| An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. | ||||
| CVE-2019-16140 | 1 Isahc Project | 1 Isahc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | ||||
| CVE-2019-16139 | 1 Compact Arena Project | 1 Compact Arena | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read. | ||||
| CVE-2019-16138 | 1 Image-rs | 1 Image | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. | ||||
| CVE-2019-16137 | 1 Spin-rs Project | 1 Spin-rs | 2024-11-21 | 7.5 High |
| An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. | ||||
| CVE-2019-16133 | 1 Weaver | 1 Eteams Oa | 2024-11-21 | 6.5 Medium |
| An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/. | ||||
| CVE-2019-16132 | 1 Phpok | 1 Oklite | 2024-11-21 | 6.5 Medium |
| An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | ||||
| CVE-2019-16131 | 1 Phpok | 1 Oklite | 2024-11-21 | 8.8 High |
| framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | ||||
| CVE-2019-16130 | 1 Hgw168cc | 1 Yii-cms | 2024-11-21 | 6.1 Medium |
| YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. | ||||
| CVE-2019-16129 | 1 Microchip | 1 Cryptoauthlib | 2024-11-21 | 6.8 Medium |
| Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). | ||||
| CVE-2019-16128 | 1 Microchip | 1 Cryptoauthlib | 2024-11-21 | 6.8 Medium |
| Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). | ||||
| CVE-2019-16127 | 1 Microchip | 1 Advanced Software Framework 4 | 2024-11-21 | 9.1 Critical |
| Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | ||||
| CVE-2019-16126 | 1 Getgrav | 1 Grav Cms | 2024-11-21 | 6.1 Medium |
| Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. | ||||
| CVE-2019-16125 | 1 Jobberbase | 1 Jobberbase | 2024-11-21 | 9.8 Critical |
| In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. | ||||
| CVE-2019-16124 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 9.8 Critical |
| In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. | ||||
| CVE-2019-16123 | 1 Kartatopia | 1 Piluscart | 2024-11-21 | 7.5 High |
| In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | ||||
| CVE-2019-16119 | 1 10web | 1 Photo Gallery | 2024-11-21 | 9.8 Critical |
| SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | ||||
| CVE-2019-16118 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. | ||||
| CVE-2019-16117 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. | ||||