Search Results (83275 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2019-16667 | 1 Netgate | 1 Pfsense | 2024-11-21 | 8.8 High | diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. |
| CVE-2019-16663 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. |
| CVE-2019-16660 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 8.8 High | joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. |
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High | TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. |
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High | TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. |
| CVE-2019-16655 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 7.5 High | joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. |
| CVE-2019-16653 | 1 Geniusbytes | 1 Genius Server | 2024-11-21 | 8.8 High | An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges. |
| CVE-2019-16652 | 1 Geniusbytes | 1 Genius Server | 2024-11-21 | 7.2 High | The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. |
| CVE-2019-16647 | 2 Maxthon, Microsoft | 2 Maxthon Browser, Windows | 2024-11-21 | 7.2 High | Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. |
| CVE-2019-16645 | 1 Embedthis | 1 Goahead | 2024-11-21 | 8.6 High | An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. |
| CVE-2019-16575 | 1 Jenkins | 1 Alauda Kubernetes Support | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Support Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. |
| CVE-2019-16573 | 1 Jenkins | 1 Alauda Devops Pipeline | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2019-16570 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. |
| CVE-2019-16565 | 1 Jenkins | 1 Team Concert | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2019-16561 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 7.1 High | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. |
| CVE-2019-16560 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. |
| CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2024-11-21 | 8.2 High | Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. |
| CVE-2019-16553 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. |
| CVE-2019-16551 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. |
| CVE-2019-16550 | 1 Jenkins | 1 Maven | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents. |