Export limit exceeded: 347980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16467 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. | ||||
| CVE-2018-16466 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens. | ||||
| CVE-2018-16465 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load. | ||||
| CVE-2018-16464 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. | ||||
| CVE-2018-16463 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares. | ||||
| CVE-2018-16462 | 1 Apex-publish-static-files Project | 1 Apex-publish-static-files | 2024-11-21 | 10.0 Critical |
| A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. | ||||
| CVE-2018-16461 | 1 Libnmap Project | 1 Libnmap | 2024-11-21 | N/A |
| A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. | ||||
| CVE-2018-16460 | 1 Umbraengineering | 1 Ps | 2024-11-21 | N/A |
| A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. | ||||
| CVE-2018-16459 | 1 Exceljs Project | 1 Exceljs | 2024-11-21 | N/A |
| An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. | ||||
| CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | N/A |
| An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | ||||
| CVE-2018-16457 | 1 Open Source Real-estate Script Project | 1 Open Source Real-estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. | ||||
| CVE-2018-16456 | 1 Phpscriptsmall | 1 Website Seller Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. | ||||
| CVE-2018-16455 | 1 Marketplace Script Project | 1 Marketplace Script | 2024-11-21 | 6.1 Medium |
| PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. | ||||
| CVE-2018-16454 | 1 Currency Converter Script Project | 1 Currency Converter Script | 2024-11-21 | N/A |
| PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. | ||||
| CVE-2018-16453 | 1 Domain Lookup Script Project | 1 Domain Lookup Script | 2024-11-21 | N/A |
| PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar. | ||||
| CVE-2018-16450 | 1 Craftedweb Project | 1 Craftedweb | 2024-11-21 | N/A |
| CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. | ||||
| CVE-2018-16449 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | ||||
| CVE-2018-16448 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | ||||
| CVE-2018-16447 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | ||||
| CVE-2018-16446 | 1 Seamcms | 1 Seacms | 2024-11-21 | N/A |
| An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. | ||||