Export limit exceeded: 366649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366649 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9569 | 1 Deltacontrols | 2 Entelibus, Entelibus Firmware | 2024-11-21 | N/A |
| Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. | ||||
| CVE-2019-9568 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.5 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | ||||
| CVE-2019-9567 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.1 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | ||||
| CVE-2019-9566 | 1 Flarumchina | 1 Flarumchina | 2024-11-21 | N/A |
| FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | ||||
| CVE-2019-9565 | 1 Druide | 1 Antidote | 2024-11-21 | N/A |
| Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name. | ||||
| CVE-2019-9564 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2024-11-21 | 7.5 High |
| A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | ||||
| CVE-2019-9563 | 1 Bluemind | 1 Bluemind | 2024-11-21 | N/A |
| In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads. | ||||
| CVE-2019-9558 | 1 Mailtraq | 1 Webmail | 2024-11-21 | N/A |
| Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9557 | 1 Codecrafters | 1 Ability Mail Server | 2024-11-21 | N/A |
| Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9556 | 1 Fiberhomegroup | 2 An5506-04-f, An5506-04-f Firmware | 2024-11-21 | 5.4 Medium |
| FiberHome an5506-04-f RP2669 devices have XSS. | ||||
| CVE-2019-9555 | 1 Sagemcom | 2 F\@st 5260, F\@st 5260 Firmware | 2024-11-21 | N/A |
| Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small. | ||||
| CVE-2019-9554 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. | ||||
| CVE-2019-9553 | 1 Boltcms | 1 Bolt | 2024-11-21 | 6.1 Medium |
| Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | ||||
| CVE-2019-9552 | 1 Eloan Project | 1 Eloan | 2024-11-21 | N/A |
| Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | ||||
| CVE-2019-9551 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | N/A |
| An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS. | ||||
| CVE-2019-9550 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | N/A |
| DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. | ||||
| CVE-2019-9549 | 1 Popojicms | 1 Popojicms | 2024-11-21 | N/A |
| An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935. | ||||
| CVE-2019-9548 | 1 Citrix | 1 Application Delivery Management | 2024-11-21 | N/A |
| Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. | ||||
| CVE-2019-9547 | 1 Spdk | 1 Storage Performance Development Kit | 2024-11-21 | N/A |
| In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains. | ||||
| CVE-2019-9546 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A |
| SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | ||||