Search Results (349504 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3809 | 1 Zeit | 1 Serve | 2024-11-21 | N/A |
| Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. | ||||
| CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 7.5 High |
| Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. | ||||
| CVE-2018-3786 | 1 Eggjs | 1 Egg-scripts | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. | ||||
| CVE-2018-3785 | 1 Git-dummy-commit Project | 1 Git-dummy-commit | 2024-11-21 | 9.8 Critical |
| A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | ||||
| CVE-2018-3784 | 1 Cryo Project | 1 Cryo | 2024-11-21 | 9.8 Critical |
| A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | ||||
| CVE-2018-3783 | 1 Flintcms | 1 Flintcms | 2024-11-21 | N/A |
| A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. | ||||
| CVE-2018-3781 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A |
| A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. | ||||
| CVE-2018-3780 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. | ||||
| CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2024-11-21 | N/A |
| active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2024-11-21 | 5.3 Medium |
| Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | ||||
| CVE-2018-3777 | 1 Restforce | 1 Restforce | 2024-11-21 | 9.8 Critical |
| Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. | ||||
| CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.3 Medium |
| Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | ||||
| CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.8 High |
| Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | ||||
| CVE-2018-3774 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 9.8 Critical |
| Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | ||||
| CVE-2018-3773 | 1 Metascraper Project | 1 Metascraper | 2024-11-21 | 6.1 Medium |
| There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2. | ||||
| CVE-2018-3772 | 1 Whereis Project | 1 Whereis | 2024-11-21 | N/A |
| Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. | ||||
| CVE-2018-3771 | 1 Statics-server Project | 1 Statics-server | 2024-11-21 | 6.1 Medium |
| An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser. | ||||
| CVE-2018-3770 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2024-11-21 | 5.5 Medium |
| A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files. | ||||
| CVE-2018-3769 | 1 Ruby-grape | 1 Grape | 2024-11-21 | 6.1 Medium |
| ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. | ||||
| CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2024-11-21 | N/A |
| `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | ||||