Export limit exceeded: 349376 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349376 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19187 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | N/A |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | ||||
| CVE-2018-19186 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | N/A |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | ||||
| CVE-2018-19185 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | N/A |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | ||||
| CVE-2018-19184 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | N/A |
| cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | ||||
| CVE-2018-19183 | 1 Ethereumjs-vm Project | 1 Ethereumjs-vm | 2024-11-21 | 7.5 High |
| ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result. | ||||
| CVE-2018-19182 | 1 Engelsystem | 1 Engelsystem | 2024-11-21 | N/A |
| Engelsystem before commit hash 2e28336 allows CSRF. | ||||
| CVE-2018-19181 | 1 Yunucms | 1 Yunucms | 2024-11-21 | N/A |
| statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. | ||||
| CVE-2018-19180 | 1 Yunucms | 1 Yunucms | 2024-11-21 | N/A |
| statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. | ||||
| CVE-2018-19178 | 1 Jeesns | 1 Jeesns | 2024-11-21 | N/A |
| In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | ||||
| CVE-2018-19170 | 1 Jpress | 1 Jpress | 2024-11-21 | N/A |
| In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. | ||||
| CVE-2018-19168 | 1 Fruitywifi Project | 1 Fruitywifi | 2024-11-21 | N/A |
| Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session. | ||||
| CVE-2018-19167 | 1 Cloakcoin | 1 Cloakcoin | 2024-11-21 | 7.5 High |
| CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19166 | 1 Peercoin | 1 Peercoin | 2024-11-21 | 7.5 High |
| peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19165 | 1 Nebl | 1 Neblio | 2024-11-21 | 7.5 High |
| neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19164 | 1 Reddcoin | 1 Reddcoin | 2024-11-21 | 7.5 High |
| reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19163 | 1 Stratisplatform | 1 Stratisx | 2024-11-21 | 7.5 High |
| stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19162 | 1 Diviproject | 1 Divi | 2024-11-21 | 7.5 High |
| Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19161 | 1 Alqo | 1 Alqo | 2024-11-21 | 7.5 High |
| alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19160 | 1 Bit.diamonds | 1 Diamond | 2024-11-21 | 7.5 High |
| Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19159 | 1 Luxcore | 1 Lux | 2024-11-21 | 7.5 High |
| lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||