Search Results (349538 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3781 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A |
| A missing sanitization of search results for an autocomplete field in Nextcloud Talk <3.2.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. | ||||
| CVE-2018-3780 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A missing sanitization of search results for an autocomplete field in Nextcloud Server <13.0.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. | ||||
| CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2024-11-21 | N/A |
| active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2024-11-21 | 5.3 Medium |
| Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | ||||
| CVE-2018-3777 | 1 Restforce | 1 Restforce | 2024-11-21 | 9.8 Critical |
| Insufficient URI encoding in restforce before 3.0.0 allows an attacker to inject arbitrary parameters into Salesforce API requests. | ||||
| CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.3 Medium |
| Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | ||||
| CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.8 High |
| Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | ||||
| CVE-2018-3774 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 9.8 Critical |
| Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | ||||
| CVE-2018-3773 | 1 Metascraper Project | 1 Metascraper | 2024-11-21 | 6.1 Medium |
| There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2. | ||||
| CVE-2018-3772 | 1 Whereis Project | 1 Whereis | 2024-11-21 | N/A |
| Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. | ||||
| CVE-2018-3771 | 1 Statics-server Project | 1 Statics-server | 2024-11-21 | 6.1 Medium |
| An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser. | ||||
| CVE-2018-3770 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2024-11-21 | 5.5 Medium |
| A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading local files. | ||||
| CVE-2018-3769 | 1 Ruby-grape | 1 Grape | 2024-11-21 | 6.1 Medium |
| ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. | ||||
| CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2024-11-21 | N/A |
| `memjs` versions <= 1.1.0 allocate and store buffers on typed input, resulting in DoS and uninitialized memory usage. | ||||
| CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2024-11-21 | 7.5 High |
| Path traversal in buttle module versions <= 0.2.0 allows reading any file on the server. | ||||
| CVE-2018-3764 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 4.8 Medium |
| In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | ||||
| CVE-2018-3763 | 1 Nextcloud | 1 Calendar | 2024-11-21 | 4.8 Medium |
| In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | ||||
| CVE-2018-3762 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | ||||
| CVE-2018-3761 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | ||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 6 Debian Linux, Cloudforms, Cloudforms Managementengine and 3 more | 2024-11-21 | N/A |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||