Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (331239 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-10011 1 Jenzabar 1 Internet Campus Solution 2024-11-21 N/A
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.
CVE-2019-10010 1 Thephpleague 1 Commonmark 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
CVE-2019-10009 1 Southrivertech 1 Titan Ftp Server 2024-11-21 N/A
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
CVE-2019-10008 1 Zohocorp 1 Servicedesk Plus 2024-11-21 N/A
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
CVE-2019-1020019 1 Inveniosoftware 1 Invenio-previewer 2024-11-21 N/A
invenio-previewer before 1.0.0a12 allows XSS.
CVE-2019-1020018 1 Discourse 1 Discourse 2024-11-21 7.3 High
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
CVE-2019-1020017 1 Discourse 1 Discourse 2024-11-21 5.3 Medium
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
CVE-2019-1020016 1 Ash-aio Project 1 Ash-aio 2024-11-21 N/A
ASH-AIO before 2.0.0.3 allows an open redirect.
CVE-2019-1020015 1 Hasura 1 Graphql Engine 2024-11-21 N/A
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
CVE-2019-1020014 3 Canonical, Docker, Fedoraproject 3 Ubuntu Linux, Credential Helpers, Fedora 2024-11-21 5.5 Medium
docker-credential-helpers before 0.6.3 has a double free in the List functions.
CVE-2019-1020013 1 Parseplatform 1 Parse-server 2024-11-21 N/A
parse-server before 3.6.0 allows account enumeration.
CVE-2019-1020012 1 Parseplatform 1 Parse-server 2024-11-21 N/A
parse-server before 3.4.1 allows DoS after any POST to a volatile class.
CVE-2019-1020011 1 Charcoal-se 1 Smokedetector 2024-11-21 7.2 High
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.
CVE-2019-1020010 1 Misskey 1 Misskey 2024-11-21 N/A
Misskey before 10.102.4 allows hijacking a user's token.
CVE-2019-1020009 1 Kolide 1 Fleet 2024-11-21 N/A
Fleet before 2.1.2 allows exposure of SMTP credentials.
CVE-2019-1020008 1 Stacktable.js Project 1 Stacktable.js 2024-11-21 N/A
stacktable.js before 1.0.4 allows XSS.
CVE-2019-1020007 1 Owasp 1 Dependency-track 2024-11-21 N/A
Dependency-Track before 3.5.1 allows XSS.
CVE-2019-1020006 1 Inveniosoftware 1 Invenio-app 2024-11-21 N/A
invenio-app before 1.1.1 allows host header injection.
CVE-2019-1020005 1 Inveniosoftware 1 Invenio-communities 2024-11-21 N/A
invenio-communities before 1.0.0a20 allows XSS.
CVE-2019-1020004 1 Tridactyl Project 1 Tridactyl 2024-11-21 N/A
Tridactyl before 1.16.0 allows fake key events.