Export limit exceeded: 348774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348774 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16179 | 1 Mizuhobank | 1 Mizuho Direct Application | 2024-11-21 | N/A |
| The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2018-16178 | 1 Cybozu | 1 Garoon | 2024-11-21 | N/A |
| Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function. | ||||
| CVE-2018-16177 | 2 Microsoft, Ntt-west | 2 Windows 10, Fall Creators Update | 2024-11-21 | 7.8 High |
| Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2018-16176 | 1 Jaea | 1 Mapping Tool | 2024-11-21 | N/A |
| Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2018-16175 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A |
| SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2018-16174 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A |
| Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2018-16173 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16172 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | N/A |
| Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate. | ||||
| CVE-2018-16171 | 2 Cybozu, Microsoft | 2 Remote Service Manager, Windows | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors. | ||||
| CVE-2018-16170 | 2 Cybozu, Microsoft | 2 Remote Service Manager, Windows | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-16169 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | N/A |
| Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors. | ||||
| CVE-2018-16168 | 1 Jpcert | 1 Logontracer | 2024-11-21 | N/A |
| LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. | ||||
| CVE-2018-16167 | 1 Jpcert | 1 Logontracer | 2024-11-21 | N/A |
| LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2018-16166 | 1 Jpcert | 1 Logontracer | 2024-11-21 | N/A |
| LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2018-16165 | 1 Jpcert | 1 Logontracer | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16164 | 1 Web-dorado | 1 Event Calendar Wd | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16163 | 1 Opendolphin | 1 Opendolphin | 2024-11-21 | N/A |
| OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors. | ||||
| CVE-2018-16162 | 1 Opendolphin | 1 Opendolphin | 2024-11-21 | N/A |
| OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors. | ||||
| CVE-2018-16161 | 1 Opendolphin | 1 Opendolphin | 2024-11-21 | N/A |
| OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. | ||||
| CVE-2018-16160 | 2 Ftsafe, Microsoft | 3 Securecore, Windows 8, Windows 8.1 | 2024-11-21 | N/A |
| SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC. | ||||