Export limit exceeded: 361553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15535 | 1 Hostosm | 1 Tasking Manager | 2024-11-21 | N/A |
| Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | ||||
| CVE-2019-15534 | 1 Raml-module-builder Project | 1 Raml-module-builder | 2024-11-21 | N/A |
| Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. | ||||
| CVE-2019-15533 | 1 Xayr | 1 Xenfcoresharp | 2024-11-21 | N/A |
| XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. | ||||
| CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2024-11-21 | N/A |
| CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | ||||
| CVE-2019-15531 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libextractor | 2024-11-21 | 6.5 Medium |
| GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | ||||
| CVE-2019-15530 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | ||||
| CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | ||||
| CVE-2019-15528 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | ||||
| CVE-2019-15527 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | ||||
| CVE-2019-15526 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. | ||||
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2024-11-21 | N/A |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | ||||
| CVE-2019-15524 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | N/A |
| CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | ||||
| CVE-2019-15523 | 2 Debian, Linbit | 2 Debian Linux, Csync2 | 2024-11-21 | 5.3 Medium |
| An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. | ||||
| CVE-2019-15522 | 1 Linbit | 1 Csync2 | 2024-11-21 | 9.8 Critical |
| An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | ||||
| CVE-2019-15521 | 2 Fork-cms, Spoon-library | 2 Fork Cms, Spoon Library | 2024-11-21 | N/A |
| Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | ||||
| CVE-2019-15520 | 1 Comelz | 1 Quark | 2024-11-21 | N/A |
| comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | ||||
| CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2024-11-21 | N/A |
| Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | ||||
| CVE-2019-15518 | 1 Swoole | 1 Swoole | 2024-11-21 | N/A |
| Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | ||||
| CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2024-11-21 | N/A |
| jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | ||||
| CVE-2019-15516 | 1 Cuberite | 1 Cuberite | 2024-11-21 | N/A |
| Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | ||||