Search
Search Results (323565 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16640 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. | ||||
| CVE-2018-16639 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | N/A |
| Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. | ||||
| CVE-2018-16638 | 1 Modx | 1 Evolution Cms | 2024-11-21 | N/A |
| Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | ||||
| CVE-2018-16637 | 1 Modx | 1 Evolution Cms | 2024-11-21 | N/A |
| Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | ||||
| CVE-2018-16636 | 1 Nucleuscms | 1 Nucleus Cms | 2024-11-21 | N/A |
| Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. | ||||
| CVE-2018-16635 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | N/A |
| Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. | ||||
| CVE-2018-16634 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| Pluck v4.7.7 allows CSRF via admin.php?action=settings. | ||||
| CVE-2018-16633 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. | ||||
| CVE-2018-16632 | 1 Jupo | 1 Mezzanine | 2024-11-21 | N/A |
| Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. | ||||
| CVE-2018-16631 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | N/A |
| Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | ||||
| CVE-2018-16630 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A |
| Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | ||||
| CVE-2018-16629 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | N/A |
| panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | ||||
| CVE-2018-16628 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A |
| panel/login in Kirby v2.5.12 allows XSS via a blog name. | ||||
| CVE-2018-16627 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A |
| panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | ||||
| CVE-2018-16626 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | N/A |
| index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. | ||||
| CVE-2018-16625 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | N/A |
| index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | ||||
| CVE-2018-16624 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A |
| panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. | ||||
| CVE-2018-16623 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A |
| Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. | ||||
| CVE-2018-16622 | 1 Html-js | 1 Doracms | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. | ||||
| CVE-2018-16621 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 7.2 High |
| Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | ||||