Export limit exceeded: 361515 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361515 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15129 | 1 Humanica | 1 Humatrix 7 | 2024-11-21 | N/A |
| The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI. | ||||
| CVE-2019-15128 | 1 If.svnadmin Project | 1 If.svnadmin | 2024-11-21 | N/A |
| iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. | ||||
| CVE-2019-15127 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | N/A |
| REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. | ||||
| CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2024-11-21 | 3.1 Low |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | ||||
| CVE-2019-15124 | 1 Mediawiki | 1 Mobilefrontend | 2024-11-21 | 6.1 Medium |
| In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33. | ||||
| CVE-2019-15123 | 1 Vikisolutions | 1 Vera | 2024-11-21 | 7.2 High |
| The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site. | ||||
| CVE-2019-15120 | 1 Kunena | 1 Kunena | 2024-11-21 | 5.4 Medium |
| The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. | ||||
| CVE-2019-15118 | 5 Canonical, Debian, Linux and 2 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-11-21 | 5.5 Medium |
| check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | ||||
| CVE-2019-15117 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. | ||||
| CVE-2019-15115 | 1 Profilepress | 1 Loginwp | 2024-11-21 | N/A |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | ||||
| CVE-2019-15114 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | N/A |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. | ||||
| CVE-2019-15113 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2024-11-21 | N/A |
| The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. | ||||
| CVE-2019-15112 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | 6.1 Medium |
| The wp-slimstat plugin before 4.8.1 for WordPress has XSS. | ||||
| CVE-2019-15111 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2024-11-21 | N/A |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue. | ||||
| CVE-2019-15110 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2024-11-21 | N/A |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. | ||||
| CVE-2019-15109 | 1 Stellarwp | 1 The Events Calendar | 2024-11-21 | N/A |
| The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | ||||
| CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | ||||
| CVE-2019-15106 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm. | ||||
| CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | ||||
| CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | ||||