Search Results (361498 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10872 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
| An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | ||||
| CVE-2019-10871 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | ||||
| CVE-2019-10869 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2024-11-21 | 8.1 High |
| Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters. | ||||
| CVE-2019-10868 | 2 Debian, Tryton | 2 Debian Linux, Trytond | 2024-11-21 | 6.5 Medium |
| In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. | ||||
| CVE-2019-10867 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. | ||||
| CVE-2019-10866 | 1 10web | 1 Form Maker | 2024-11-21 | N/A |
| In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter. | ||||
| CVE-2019-10864 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | N/A |
| The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. | ||||
| CVE-2019-10863 | 1 Combodo | 1 Teemip | 2024-11-21 | N/A |
| A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. | ||||
| CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2024-11-21 | N/A |
| In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | ||||
| CVE-2019-10855 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. | ||||
| CVE-2019-10854 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows Authenticated Command Injection. | ||||
| CVE-2019-10853 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows Authentication Bypass. | ||||
| CVE-2019-10852 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | ||||
| CVE-2019-10851 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 has hard-coded encryption keys. | ||||
| CVE-2019-10850 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 has Default Credentials. | ||||
| CVE-2019-10849 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | ||||
| CVE-2019-10848 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows Username Enumeration. | ||||
| CVE-2019-10847 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | ||||
| CVE-2019-10846 | 1 Computrols | 1 Computrols Building Automation System | 2024-11-21 | 6.1 Medium |
| Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. | ||||
| CVE-2019-10845 | 1 Uniqkey | 1 Password Manager | 2024-11-21 | N/A |
| An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. This vulnerability is related to id="uniqkey-password-popup" and password-popup/popup.html, but is a different vulnerability than CVE-2019-10676. | ||||