Export limit exceeded: 361517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15579 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | ||||
| CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | ||||
| CVE-2019-15577 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. | ||||
| CVE-2019-15576 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. | ||||
| CVE-2019-15575 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. | ||||
| CVE-2019-15574 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | N/A |
| Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. | ||||
| CVE-2019-15573 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | N/A |
| Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. | ||||
| CVE-2019-15572 | 1 Cipsoft | 1 Gesior-aac | 2024-11-21 | N/A |
| Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. | ||||
| CVE-2019-15571 | 1 Clonos Project | 1 Clonos | 2024-11-21 | N/A |
| The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. | ||||
| CVE-2019-15570 | 1 Bedita | 1 Bedita | 2024-11-21 | N/A |
| BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. | ||||
| CVE-2019-15569 | 1 Gov | 1 Ccd-data-store-api | 2024-11-21 | N/A |
| HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. | ||||
| CVE-2019-15568 | 1 Idseq | 1 Idseq-web | 2024-11-21 | N/A |
| idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. | ||||
| CVE-2019-15567 | 1 Openforis | 1 Arena | 2024-11-21 | N/A |
| OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. | ||||
| CVE-2019-15566 | 1 Alfresco | 1 Alfresco | 2024-11-21 | N/A |
| The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. | ||||
| CVE-2019-15565 | 1 Webimpacto | 1 Icommktconnector | 2024-11-21 | N/A |
| The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. | ||||
| CVE-2019-15564 | 1 Compassionuk | 1 Compassion Switzerland | 2024-11-21 | N/A |
| The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. | ||||
| CVE-2019-15563 | 1 Ohdsi | 1 Webapi | 2024-11-21 | N/A |
| Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. | ||||
| CVE-2019-15562 | 1 Gorm | 1 Gorm | 2024-11-21 | 9.8 Critical |
| GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm | ||||
| CVE-2019-15561 | 1 Flashlingo Project | 1 Flashlingo | 2024-11-21 | N/A |
| FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. | ||||
| CVE-2019-15560 | 1 Reviews Module Project | 1 Reviews Module | 2024-11-21 | N/A |
| The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. | ||||