Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (327198 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-21021 1 Centreon 1 Centreon Web 2024-11-21 8.8 High
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
CVE-2018-21020 1 Centreon 1 Centreon Web 2024-11-21 7.5 High
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
CVE-2018-21019 1 Home-assistant 1 Home-assistant 2024-11-21 7.5 High
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
CVE-2018-21018 1 Joinmastodon 1 Mastodon 2024-11-21 9.8 Critical
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
CVE-2018-21017 1 Gpac 1 Gpac 2024-11-21 6.5 Medium
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
CVE-2018-21016 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 6.5 Medium
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2018-21015 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 6.5 Medium
AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2018-21014 1 Buddyboss 1 Buddymoss Media 2024-11-21 5.4 Medium
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.
CVE-2018-21013 1 Upperthemes 1 Swape 2024-11-21 9.8 Critical
The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.
CVE-2018-21012 1 Vsourz 1 Cf7 Invisible Recaptcha 2024-11-21 6.1 Medium
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.
CVE-2018-21011 1 Wpcharitable 1 Charitable 2024-11-21 7.5 High
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
CVE-2018-21010 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2024-11-21 8.8 High
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
CVE-2018-21009 2 Freedesktop, Redhat 2 Poppler, Enterprise Linux 2024-11-21 N/A
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVE-2018-21008 1 Linux 1 Linux Kernel 2024-11-21 N/A
An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.
CVE-2018-21007 1 Wisetr 1 User Email Verification For Woocommerce 2024-11-21 N/A
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
CVE-2018-21006 1 Bbpress Move Topics Project 1 Bbpress Move Topics 2024-11-21 N/A
The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.
CVE-2018-21005 1 Bbpress Move Topics Project 1 Bbpress Move Topics 2024-11-21 N/A
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.
CVE-2018-21004 1 Carrcommunications 1 Rsvpmaker 2024-11-21 N/A
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
CVE-2018-21003 1 Themekraft 1 Buddyforms 2024-11-21 N/A
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
CVE-2018-21002 1 Joomsky 1 Js Help Desk 2024-11-21 N/A
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.