Export limit exceeded: 361517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12369 | 1 Typeapp | 1 Typeapp | 2024-11-21 | 6.1 Medium |
| The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12368 | 1 Edison | 1 Edison Mail | 2024-11-21 | 6.1 Medium |
| The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12367 | 1 Blixhq | 1 Bluemail | 2024-11-21 | 6.1 Medium |
| The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12366 | 1 9folders | 1 Nine | 2024-11-21 | 6.1 Medium |
| The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12365 | 1 Cloudmagic | 1 Newton | 2024-11-21 | 6.1 Medium |
| The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12363 | 1 Mybb-2fa Project | 1 Mybb-2fa | 2024-11-21 | N/A |
| An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication. | ||||
| CVE-2019-12362 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. | ||||
| CVE-2019-12361 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. | ||||
| CVE-2019-12360 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 7.1 High |
| A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. | ||||
| CVE-2019-12359 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12358 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. | ||||
| CVE-2019-12357 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12356 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. | ||||
| CVE-2019-12355 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. | ||||
| CVE-2019-12354 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12353 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. | ||||
| CVE-2019-12352 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. | ||||
| CVE-2019-12351 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | ||||
| CVE-2019-12350 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | ||||
| CVE-2019-12349 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | ||||