Export limit exceeded: 361803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15503 | 1 Altavoz | 1 Prontuscms | 2024-11-21 | N/A |
| cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. | ||||
| CVE-2019-15502 | 1 Teamspeak | 1 Teamspeak | 2024-11-21 | N/A |
| The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). | ||||
| CVE-2019-15501 | 1 Lsoft | 1 Listserv | 2024-11-21 | N/A |
| Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | ||||
| CVE-2019-15499 | 2 Apple, Hackmd | 2 Safari, Codimd | 2024-11-21 | 6.1 Medium |
| CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. | ||||
| CVE-2019-15498 | 1 Getvera | 2 Vera Edge, Vera Edge Firmware | 2024-11-21 | N/A |
| cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. | ||||
| CVE-2019-15497 | 2 Blackbox, Onelan | 4 Icompel, Icompel Firmware, Net-top-box and 1 more | 2024-11-21 | N/A |
| Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. | ||||
| CVE-2019-15496 | 1 Manageyourteam | 1 Myt Project Management | 2024-11-21 | N/A |
| MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | ||||
| CVE-2019-15494 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A |
| openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | ||||
| CVE-2019-15493 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A |
| openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. | ||||
| CVE-2019-15492 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A |
| openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | ||||
| CVE-2019-15491 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A |
| openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | ||||
| CVE-2019-15490 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A |
| openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. | ||||
| CVE-2019-15489 | 1 Laracom | 1 Laracom | 2024-11-21 | N/A |
| laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. | ||||
| CVE-2019-15488 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | N/A |
| Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. | ||||
| CVE-2019-15487 | 1 Schoolexperience | 1 Department For Education School Experience | 2024-11-21 | N/A |
| DfE School Experience before v16333-GA has XSS via a teacher training URL. | ||||
| CVE-2019-15486 | 1 Django Js Reverse Project | 1 Django Js Reserve | 2024-11-21 | N/A |
| django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | ||||
| CVE-2019-15485 | 1 Boltcms | 1 Bolt | 2024-11-21 | N/A |
| Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | ||||
| CVE-2019-15484 | 1 Boltcms | 1 Bolt | 2024-11-21 | N/A |
| Bolt before 3.6.10 has XSS via an image's alt or title field. | ||||
| CVE-2019-15483 | 1 Boltcms | 1 Bolt | 2024-11-21 | N/A |
| Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | ||||
| CVE-2019-15482 | 1 Selectize-plugin-a11y Project | 1 Selectize-plugin-a11y | 2024-11-21 | N/A |
| selectize-plugin-a11y before 1.1.0 has XSS via the msg field. | ||||