Export limit exceeded: 348775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348775 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16737 | 2 Starwindsoftware, Tinc-vpn | 2 Starwind Virtual San, Tinc | 2024-11-21 | 5.3 Medium |
| tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. | ||||
| CVE-2018-16736 | 1 Rcfilters Project | 1 Rcfilters | 2024-11-21 | N/A |
| In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). | ||||
| CVE-2018-16733 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | N/A |
| In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. | ||||
| CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | ||||
| CVE-2018-16731 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | ||||
| CVE-2018-16730 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | ||||
| CVE-2018-16729 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | ||||
| CVE-2018-16728 | 1 Feindura | 1 Feindura | 2024-11-21 | N/A |
| feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. | ||||
| CVE-2018-16727 | 1 Razorcms | 1 Razorcms | 2024-11-21 | N/A |
| razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. | ||||
| CVE-2018-16726 | 1 Razorcms | 1 Razorcms | 2024-11-21 | N/A |
| razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. | ||||
| CVE-2018-16725 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A |
| An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." | ||||
| CVE-2018-16724 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A |
| An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. | ||||
| CVE-2018-16723 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020. | ||||
| CVE-2018-16722 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305. | ||||
| CVE-2018-16721 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306. | ||||
| CVE-2018-16720 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304. | ||||
| CVE-2018-16719 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482. | ||||
| CVE-2018-16718 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | N/A |
| An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. | ||||
| CVE-2018-16717 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | N/A |
| A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | ||||
| CVE-2018-16716 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | N/A |
| A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | ||||