Search Results (350413 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19576 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | ||||
| CVE-2018-19575 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. | ||||
| CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | ||||
| CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | ||||
| CVE-2018-19572 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. | ||||
| CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | ||||
| CVE-2018-19570 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | ||||
| CVE-2018-19569 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | ||||
| CVE-2018-19568 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | N/A |
| A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. | ||||
| CVE-2018-19567 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | N/A |
| A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. | ||||
| CVE-2018-19566 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | N/A |
| A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | ||||
| CVE-2018-19565 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | N/A |
| A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | ||||
| CVE-2018-19564 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | N/A |
| Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. | ||||
| CVE-2018-19562 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | ||||
| CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2024-11-21 | N/A |
| sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. | ||||
| CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | N/A |
| BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | ||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | ||||
| CVE-2018-19558 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | ||||
| CVE-2018-19557 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | ||||
| CVE-2018-19556 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. | ||||