Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (40710 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-0537 1 Qqq Systems Project 1 Qqq Systems 2024-11-21 N/A
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi.
CVE-2018-0536 1 Qqq Systems Project 1 Qqq Systems 2024-11-21 N/A
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi.
CVE-2018-0535 1 Php 2chbbs Project 1 Php 2chbbs 2024-11-21 N/A
Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0534 1 Arsenol Project 1 Arsenol 2024-11-21 N/A
Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0532 1 Cybozu 1 Garoon 2024-11-21 N/A
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
CVE-2018-0527 1 Cybozu 1 Office 2024-11-21 N/A
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0519 1 Fsi 2 Fs010w, Fs010w Firmware 2024-11-21 N/A
Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0513 1 Mtssb.mt-systems 1 Simple Booking 2024-11-21 N/A
Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0511 1 Meowapps 1 Wp Retina 2x 2024-11-21 N/A
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0508 1 Kkcald Project 1 Kkcald 2024-11-21 N/A
Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0503 3 Debian, Mediawiki, Redhat 3 Debian Linux, Mediawiki, Openshift 2024-11-21 N/A
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
CVE-2018-0499 2 Canonical, Xapian 2 Ubuntu Linux, Xapian-core 2024-11-21 N/A
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().
CVE-2018-0059 1 Juniper 1 Netscreen Screenos 2024-11-21 N/A
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.
CVE-2018-0047 1 Juniper 1 Junos Space 2024-11-21 N/A
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
CVE-2018-0046 1 Juniper 1 Junos Space 2024-11-21 N/A
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
CVE-2018-0041 1 Juniper 1 Contrail Service Orchestration 2024-11-21 N/A
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.
CVE-2018-0040 1 Juniper 1 Contrail Service Orchestration 2024-11-21 N/A
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.
CVE-2018-0039 1 Juniper 1 Contrail Service Orchestration 2024-11-21 N/A
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
CVE-2018-0038 1 Juniper 1 Contrail Service Orchestration 2024-11-21 N/A
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.
CVE-2018-0011 1 Juniper 1 Junos Space 2024-11-21 N/A
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.