Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347789 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16456 | 1 Phpscriptsmall | 1 Website Seller Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. | ||||
| CVE-2018-16455 | 1 Marketplace Script Project | 1 Marketplace Script | 2024-11-21 | 6.1 Medium |
| PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. | ||||
| CVE-2018-16454 | 1 Currency Converter Script Project | 1 Currency Converter Script | 2024-11-21 | N/A |
| PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. | ||||
| CVE-2018-16453 | 1 Domain Lookup Script Project | 1 Domain Lookup Script | 2024-11-21 | N/A |
| PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar. | ||||
| CVE-2018-16450 | 1 Craftedweb Project | 1 Craftedweb | 2024-11-21 | N/A |
| CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. | ||||
| CVE-2018-16449 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | ||||
| CVE-2018-16448 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | ||||
| CVE-2018-16447 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | ||||
| CVE-2018-16446 | 1 Seamcms | 1 Seacms | 2024-11-21 | N/A |
| An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. | ||||
| CVE-2018-16445 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. | ||||
| CVE-2018-16444 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. | ||||
| CVE-2018-16438 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. | ||||
| CVE-2018-16437 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | N/A |
| Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. | ||||
| CVE-2018-16436 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | N/A |
| Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. | ||||
| CVE-2018-16435 | 4 Canonical, Debian, Littlecms and 1 more | 7 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 4 more | 2024-11-21 | N/A |
| Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | ||||
| CVE-2018-16432 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A |
| BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. | ||||
| CVE-2018-16431 | 1 Yfcmf | 1 Yfcmf | 2024-11-21 | N/A |
| admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. | ||||
| CVE-2018-16430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2024-11-21 | N/A |
| GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. | ||||
| CVE-2018-16429 | 2 Canonical, Gnome | 2 Ubuntu Linux, Glib | 2024-11-21 | N/A |
| GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | ||||
| CVE-2018-16428 | 2 Canonical, Gnome | 2 Ubuntu Linux, Glib | 2024-11-21 | N/A |
| In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. | ||||