Total: 3863 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-19089 | 1 Hitachienergy | 1 Esoms | 2024-08-05 | 6.1 Medium |
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as a content type other than the one declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. | ||||
CVE-2019-19010 | 2 Fedoraproject, Limnoria Project | 2 Fedora, Limnoria | 2024-08-05 | 9.8 Critical |
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. | ||||
CVE-2019-18889 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-08-05 | 9.8 Critical |
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache. | ||||
CVE-2019-17613 | 1 Qibosoft | 1 Qibosoft | 2024-08-05 | 9.8 Critical |
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter. | ||||
CVE-2019-17408 | 1 Zzzcms | 1 Zzzphp | 2024-08-05 | 9.8 Critical |
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | ||||
CVE-2019-17310 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user. | ||||
CVE-2019-17306 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. | ||||
CVE-2019-17302 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user. | ||||
CVE-2019-17304 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user. | ||||
CVE-2019-17307 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user. | ||||
CVE-2019-17308 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. | ||||
CVE-2019-17301 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user. | ||||
CVE-2019-17305 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user. | ||||
CVE-2019-17299 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user. | ||||
CVE-2019-17300 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. | ||||
CVE-2019-17309 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. | ||||
CVE-2019-17268 | 1 Omniauth-weibo-oauth2 Project | 1 Omniauth-weibo-oauth2 | 2024-08-05 | 9.8 Critical |
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected. | ||||
CVE-2019-17303 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user. | ||||
CVE-2019-17132 | 1 Vbulletin | 1 Vbulletin | 2024-08-05 | 9.8 Critical |
vBulletin through 5.5.4 mishandles custom avatars. | ||||
CVE-2019-16885 | 1 Okay-cms | 1 Okaycms | 2024-08-05 | 9.8 Critical |
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison. |