Export limit exceeded: 361824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14807 | 1 Mediawiki | 1 Mobilefrontend | 2024-11-21 | 6.1 Medium |
| In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | ||||
| CVE-2019-14806 | 2 Opensuse, Palletsprojects | 2 Leap, Werkzeug | 2024-11-21 | 7.5 High |
| Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | ||||
| CVE-2019-14805 | 1 Una | 1 Una | 2024-11-21 | N/A |
| studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. | ||||
| CVE-2019-14804 | 1 Una | 1 Una | 2024-11-21 | N/A |
| studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | ||||
| CVE-2019-14801 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. | ||||
| CVE-2019-14800 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. | ||||
| CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 6.1 Medium |
| The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | ||||
| CVE-2019-14798 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | ||||
| CVE-2019-14797 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | ||||
| CVE-2019-14796 | 1 Mq-woocommerce-products-price-bulk-edit Project | 1 Mq-woocommerce-products-price-bulk-edit | 2024-11-21 | 5.4 Medium |
| The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | ||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2024-11-21 | N/A |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | ||||
| CVE-2019-14794 | 1 Metabox | 1 Meta Box | 2024-11-21 | N/A |
| The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | ||||
| CVE-2019-14793 | 1 Metabox | 1 Meta Box | 2024-11-21 | N/A |
| The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. | ||||
| CVE-2019-14792 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | N/A |
| The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | ||||
| CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | N/A |
| The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | ||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2024-11-21 | N/A |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | ||||
| CVE-2019-14789 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A |
| The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. | ||||
| CVE-2019-14788 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 8.8 High |
| wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | ||||
| CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 5.4 Medium |
| The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | ||||
| CVE-2019-14786 | 1 Rankmath | 1 Seo | 2024-11-21 | 6.5 Medium |
| The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. | ||||