Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363061 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16344 | 1 Scadabr | 1 Scadabr | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. | ||||
| CVE-2019-16340 | 1 Linksys | 6 Velop Whw0301, Velop Whw0301 Firmware, Velop Whw0302 and 3 more | 2024-11-21 | 9.8 Critical |
| Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | ||||
| CVE-2019-16338 | 1 Hancom | 1 Hancom Office Neo | 2024-11-21 | 7.8 High |
| The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. | ||||
| CVE-2019-16337 | 1 Hancom | 1 Hancom Office Neo | 2024-11-21 | 7.8 High |
| The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. | ||||
| CVE-2019-16336 | 1 Cypress | 2 Cybl11573, Cyble-416045 | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame. | ||||
| CVE-2019-16335 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 26 Debian Linux, Jackson-databind, Fedora and 23 more | 2024-11-21 | 9.8 Critical |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. | ||||
| CVE-2019-16334 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.8 Medium |
| In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | ||||
| CVE-2019-16333 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 5.4 Medium |
| GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | ||||
| CVE-2019-16332 | 1 Api Bearer Auth Project | 1 Api Bearer Auth | 2024-11-21 | 6.1 Medium |
| In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. | ||||
| CVE-2019-16330 | 1 Nchsoftware | 1 Express Accounts Accounting | 2024-11-21 | 5.4 Medium |
| In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript. | ||||
| CVE-2019-16328 | 1 Rpyc Project | 1 Rpyc | 2024-11-21 | 7.5 High |
| In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. | ||||
| CVE-2019-16327 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. | ||||
| CVE-2019-16326 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product. | ||||
| CVE-2019-16321 | 1 Scadabr | 1 Scadabr | 2024-11-21 | 6.1 Medium |
| ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. | ||||
| CVE-2019-16320 | 1 Cobham | 22 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware, Sailor 800 Vsat and 19 more | 2024-11-21 | 5.3 Medium |
| Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community. | ||||
| CVE-2019-16319 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 7.5 High |
| In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. | ||||
| CVE-2019-16318 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 8.8 High |
| In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | ||||
| CVE-2019-16317 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 8.8 High |
| In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | ||||
| CVE-2019-16314 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 9.8 Critical |
| Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | ||||
| CVE-2019-16313 | 1 Ifw8 | 10 Fr5, Fr5-e, Fr5-e Firmware and 7 more | 2024-11-21 | 7.5 High |
| ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. | ||||