Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (330990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-8437 1 Njiandan-cms Project 1 Njiandan-cms 2024-11-21 N/A
njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.
CVE-2019-8436 1 Txjia 1 Imcat 2024-11-21 N/A
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
CVE-2019-8435 1 Phpmywind 1 Phpmywind 2024-11-21 N/A
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
CVE-2019-8434 1 Cmseasy 1 Cmseasy 2024-11-21 N/A
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
CVE-2019-8433 1 Jtbc 1 Jtbc Php 2024-11-21 N/A
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
CVE-2019-8432 1 Cmseasy 1 Cmseasy 2024-11-21 N/A
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
CVE-2019-8429 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8428 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
CVE-2019-8427 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
CVE-2019-8426 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8425 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8424 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8423 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8422 1 Pbootcms 1 Pbootcms 2024-11-21 N/A
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVE-2019-8421 1 Bagesoft 1 Bagecms 2024-11-21 N/A
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2019-8419 1 Vnote Project 1 Vnote 2024-11-21 N/A
VNote 2.2 has XSS via a new text note.
CVE-2019-8418 1 Seacms 1 Seacms 2024-11-21 N/A
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
CVE-2019-8413 1 Mi 2 Mi Mix 2, Mi Mix 2 Firmware 2024-11-21 N/A
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
CVE-2019-8412 1 Feifeicms 1 Feifeicms 2024-11-21 N/A
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.
CVE-2019-8411 1 Zzcms 1 Zzcms 2024-11-21 N/A
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.