Search Results (347789 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16476 | 2 Redhat, Rubyonrails | 3 Cloudforms, Cloudforms Managementengine, Rails | 2024-11-21 | N/A |
| A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. | ||||
| CVE-2018-16475 | 1 Knight Project | 1 Knight | 2024-11-21 | N/A |
| A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server. | ||||
| CVE-2018-16474 | 1 Tianma-static Project | 1 Tianma-static | 2024-11-21 | N/A |
| A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript. | ||||
| CVE-2018-16473 | 1 Takeapeek Project | 1 Takeapeek | 2024-11-21 | N/A |
| A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. | ||||
| CVE-2018-16472 | 2 Cached-path-relative Project, Debian | 2 Cached-path-relative, Debian Linux | 2024-11-21 | 7.5 High |
| A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. | ||||
| CVE-2018-16471 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-11-21 | N/A |
| There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable. | ||||
| CVE-2018-16470 | 2 Rack Project, Redhat | 3 Rack, Satellite, Satellite Capsule | 2024-11-21 | N/A |
| There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. | ||||
| CVE-2018-16469 | 1 Merge Project | 1 Merge | 2024-11-21 | 7.5 High |
| The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack. | ||||
| CVE-2018-16468 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2024-11-21 | N/A |
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | ||||
| CVE-2018-16467 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. | ||||
| CVE-2018-16466 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by access tokens. | ||||
| CVE-2018-16465 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load. | ||||
| CVE-2018-16464 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. | ||||
| CVE-2018-16463 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares. | ||||
| CVE-2018-16462 | 1 Apex-publish-static-files Project | 1 Apex-publish-static-files | 2024-11-21 | 10.0 Critical |
| A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 allows arbitrary shell command execution through a maliciously crafted argument. | ||||
| CVE-2018-16461 | 1 Libnmap Project | 1 Libnmap | 2024-11-21 | N/A |
| A command injection vulnerability in libnmap package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. | ||||
| CVE-2018-16460 | 1 Umbraengineering | 1 Ps | 2024-11-21 | N/A |
| A command injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when an attacker controls the PID. | ||||
| CVE-2018-16459 | 1 Exceljs Project | 1 Exceljs | 2024-11-21 | N/A |
| An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when a worksheet is displayed in a browser. | ||||
| CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | N/A |
| An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | ||||
| CVE-2018-16457 | 1 Open Source Real-estate Script Project | 1 Open Source Real-estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. | ||||