Search Results (361517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9039 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | N/A |
| In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments. | ||||
| CVE-2018-9038 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. | ||||
| CVE-2018-9037 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. | ||||
| CVE-2018-9036 | 1 Checksec | 1 Canopy | 2024-11-21 | N/A |
| CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users. | ||||
| CVE-2018-9035 | 1 Contact-form-7-to-database-extension Project | 1 Contact-form-7-to-database-extension | 2024-11-21 | N/A |
| CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. | ||||
| CVE-2018-9034 | 1 Relevanssi | 1 Relevanssi | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. | ||||
| CVE-2018-9032 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. | ||||
| CVE-2018-9031 | 1 Tnlsoftsolutions | 1 Sentry Vision | 2024-11-21 | N/A |
| The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. | ||||
| CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | ||||
| CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | ||||
| CVE-2018-9027 | 1 Ca | 1 Ca Privileged Access Manager | 2024-11-21 | N/A |
| A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | ||||
| CVE-2018-9026 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | ||||
| CVE-2018-9025 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | ||||
| CVE-2018-9024 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | ||||
| CVE-2018-9023 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | N/A |
| An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | ||||
| CVE-2018-9022 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | ||||
| CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | ||||
| CVE-2018-9020 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. | ||||
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | ||||
| CVE-2018-9018 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-11-21 | N/A |
| In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. | ||||