Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (332672 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-20516 1 Frappe 1 Erpnext 2024-11-21 6.1 Medium
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.
CVE-2019-20515 1 Frappe 1 Erpnext 2024-11-21 6.1 Medium
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.
CVE-2019-20514 1 Frappe 1 Erpnext 2024-11-21 6.1 Medium
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.
CVE-2019-20513 1 Edx 1 Open Edx 2024-11-21 6.1 Medium
Open edX Ironwood.1 allows support/certificates?user= reflected XSS.
CVE-2019-20512 1 Open.edx 1 Ironwood 2024-11-21 6.1 Medium
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS.
CVE-2019-20511 1 Frappe 1 Erpnext 2024-11-21 6.1 Medium
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
CVE-2019-20504 1 Quest 1 Kace Systems Management 2024-11-21 9.8 Critical
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
CVE-2019-20503 4 Canonical, Debian, Redhat and 1 more 6 Ubuntu Linux, Debian Linux, Enterprise Linux and 3 more 2024-11-21 6.5 Medium
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
CVE-2019-20502 1 Echatserver 1 Easy Chat Server 2024-11-21 7.5 High
An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.
CVE-2019-20501 1 Dlink 2 Dwl-2600ap, Dwl-2600ap Firmware 2024-11-21 7.8 High
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.
CVE-2019-20499 1 Dlink 2 Dwl-2600ap, Dwl-2600ap Firmware 2024-11-21 7.8 High
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.
CVE-2019-20498 1 Cpanel 1 Cpanel 2024-11-21 9.8 Critical
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
CVE-2019-20497 1 Cpanel 1 Cpanel 2024-11-21 5.4 Medium
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVE-2019-20496 1 Cpanel 1 Cpanel 2024-11-21 5.5 Medium
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
CVE-2019-20495 1 Cpanel 1 Cpanel 2024-11-21 6.5 Medium
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
CVE-2019-20494 1 Cpanel 1 Cpanel 2024-11-21 3.3 Low
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
CVE-2019-20493 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
CVE-2019-20492 1 Cpanel 1 Cpanel 2024-11-21 8.8 High
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
CVE-2019-20491 1 Cpanel 1 Cpanel 2024-11-21 5.4 Medium
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
CVE-2019-20490 1 Cpanel 1 Cpanel 2024-11-21 8.8 High
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).