Export limit exceeded: 45635 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45635 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0016 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483 | ||||
| CVE-2019-9975 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2024-11-21 | N/A |
| DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. | ||||
| CVE-2019-9961 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2019-9957 | 1 Quadbase | 1 Espressreport Es | 2024-11-21 | N/A |
| Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload can then be triggered by accessing the "Set Security Levels" or "View User/Group Relationships" page. If the attacker does not currently have permission to create a new user, another vulnerability such as CSRF must be exploited first. | ||||
| CVE-2019-9955 | 1 Zyxel | 42 Atp200, Atp200 Firmware, Atp500 and 39 more | 2024-11-21 | N/A |
| On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. | ||||
| CVE-2019-9925 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | ||||
| CVE-2019-9919 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | ||||
| CVE-2019-9914 | 1 Yop-poll | 1 Yop-poll | 2024-11-21 | N/A |
| The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | ||||
| CVE-2019-9913 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | ||||
| CVE-2019-9912 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 6.1 Medium |
| The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. | ||||
| CVE-2019-9911 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | 6.1 Medium |
| The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | ||||
| CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | N/A |
| The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | ||||
| CVE-2019-9909 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A |
| The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | ||||
| CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2024-11-21 | N/A |
| The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | ||||
| CVE-2019-9844 | 2 Fedoraproject, Khanacademy | 2 Fedora, Simple-markdown | 2024-11-21 | N/A |
| simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. | ||||
| CVE-2019-9841 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. | ||||
| CVE-2019-9839 | 1 Vfront | 1 Vfront | 2024-11-21 | N/A |
| VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. | ||||
| CVE-2019-9838 | 1 Vfront | 1 Vfront | 2024-11-21 | N/A |
| VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering. | ||||
| CVE-2019-9834 | 1 Netdata | 1 Netdata | 2024-11-21 | N/A |
| The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot | ||||
| CVE-2019-9765 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | N/A |
| In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html. | ||||