Export limit exceeded: 361649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361649 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15120 | 1 Kunena | 1 Kunena | 2024-11-21 | 5.4 Medium |
| The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. | ||||
| CVE-2019-15118 | 5 Canonical, Debian, Linux and 2 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-11-21 | 5.5 Medium |
| check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | ||||
| CVE-2019-15117 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. | ||||
| CVE-2019-15115 | 1 Profilepress | 1 Loginwp | 2024-11-21 | N/A |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | ||||
| CVE-2019-15114 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | N/A |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. | ||||
| CVE-2019-15113 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2024-11-21 | N/A |
| The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. | ||||
| CVE-2019-15112 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | 6.1 Medium |
| The wp-slimstat plugin before 4.8.1 for WordPress has XSS. | ||||
| CVE-2019-15111 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2024-11-21 | N/A |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue. | ||||
| CVE-2019-15110 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2024-11-21 | N/A |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. | ||||
| CVE-2019-15109 | 1 Stellarwp | 1 The Events Calendar | 2024-11-21 | N/A |
| The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | ||||
| CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | ||||
| CVE-2019-15106 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm. | ||||
| CVE-2019-15105 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | ||||
| CVE-2019-15104 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature. | ||||
| CVE-2019-15102 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | N/A |
| An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server. | ||||
| CVE-2019-15099 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.5 High |
| drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | ||||
| CVE-2019-15098 | 5 Canonical, Debian, Linux and 2 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2024-11-21 | 4.6 Medium |
| drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | ||||
| CVE-2019-15095 | 1 Diaowen | 1 Dwsurvey | 2024-11-21 | N/A |
| DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. | ||||
| CVE-2019-15092 | 1 Webtoffee | 1 Import Export Wordpress Users | 2024-11-21 | N/A |
| The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | ||||
| CVE-2019-15091 | 1 Artica | 1 Integria Ims | 2024-11-21 | N/A |
| filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | ||||