Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (323565 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20969 2 Gnu, Redhat 6 Patch, Enterprise Linux, Rhel Aus and 3 more 2024-11-21 N/A
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVE-2018-20968 1 Smackcoders 1 Ultimate Exporter 2024-11-21 N/A
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
CVE-2018-20967 1 Smackcoders 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv 2024-11-21 N/A
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
CVE-2018-20966 1 Booster 1 Booster For Woocommerce 2024-11-21 N/A
The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.
CVE-2018-20965 1 Ultimatemember 1 Ultimate Member 2024-11-21 6.1 Medium
The ultimate-member plugin before 2.0.4 for WordPress has XSS.
CVE-2018-20964 1 Codepeople 1 Contact Form Email 2024-11-21 N/A
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
CVE-2018-20963 1 Codepeople 1 Contact Form Email 2024-11-21 N/A
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
CVE-2018-20962 1 Backpackforlaravel 1 Backpack\\crud 2024-11-21 N/A
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type.
CVE-2018-20961 1 Linux 1 Linux Kernel 2024-11-21 9.8 Critical
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-20960 1 Nespresso 2 Prodigo, Prodigo Firmware 2024-11-21 N/A
Nespresso Prodigio devices lack Bluetooth connection security.
CVE-2018-20959 1 Jura 2 E8, E8 Firmware 2024-11-21 N/A
Jura E8 devices lack Bluetooth connection security.
CVE-2018-20958 1 Tapplock 2 Tapplock, Tapplock Firmware 2024-11-21 N/A
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.
CVE-2018-20957 1 Tapplock 2 One\+, One\+ Firmware 2024-11-21 N/A
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
CVE-2018-20956 1 Swann 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware 2024-11-21 N/A
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31.
CVE-2018-20955 1 Swann 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware 2024-11-21 N/A
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.
CVE-2018-20954 1 Mailpile 1 Mailpile 2024-11-21 N/A
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
CVE-2018-20953 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
CVE-2018-20952 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
CVE-2018-20951 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
CVE-2018-20950 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).