Export limit exceeded: 361498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361498 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15336 | 1 Lavamobiles | 2 Z61, Z61 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15335 | 1 Lavamobiles | 2 Z92, Z92 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15334 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15333 | 1 Lavamobiles | 2 Flair Z1, Flair Z1 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15332 | 1 Lavamobiles | 2 Z61, Z61 Firmware | 2024-11-21 | 3.3 Low |
| The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | ||||
| CVE-2019-15331 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. | ||||
| CVE-2019-15330 | 1 Webp Express Project | 1 Webp Express | 2024-11-21 | N/A |
| The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. | ||||
| CVE-2019-15329 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. | ||||
| CVE-2019-15328 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. | ||||
| CVE-2019-15327 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | ||||
| CVE-2019-15326 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. | ||||
| CVE-2019-15325 | 1 Galliumos | 1 Galliumos | 2024-11-21 | N/A |
| In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not. | ||||
| CVE-2019-15324 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | N/A |
| The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. | ||||
| CVE-2019-15323 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 7.5 High |
| The ad-inserter plugin before 2.4.20 for WordPress has path traversal. | ||||
| CVE-2019-15322 | 1 Wpmadeasy | 1 Shortcode Factory | 2024-11-21 | N/A |
| The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion. | ||||
| CVE-2019-15321 | 1 Optiontree Project | 1 Optiontree | 2024-11-21 | N/A |
| The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. | ||||
| CVE-2019-15320 | 1 Optiontree Project | 1 Optiontree | 2024-11-21 | N/A |
| The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. | ||||
| CVE-2019-15319 | 1 Optiontree Project | 1 Optiontree | 2024-11-21 | N/A |
| The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. | ||||
| CVE-2019-15318 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2024-11-21 | N/A |
| The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. | ||||
| CVE-2019-15317 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A |
| The give plugin before 2.4.7 for WordPress has XSS via a donor name. | ||||