CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14792 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | |||||
CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | |||||
CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter. | |||||
CVE-2019-14789 | 1 Custom 404 Pro Project | 1 Custom 404 Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. | |||||
CVE-2019-14788 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | |||||
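The CVE-2019-14788 entry above describes the classic shape of a traversal-to-RCE bug: a user-controlled file name (`exportfile=../`) is joined onto an export directory and written without confinement, so the "export" lands as a .php file under the web root. The following is an added example, not code from the Tribulant plugin or from NVD, showing how an export path should be resolved: decode once, resolve symlinks with `realpath`, require the result to stay strictly inside the export directory, and additionally allow-list the file name so that even an in-directory `backdoor.php` is refused. The directory layout, the `exportfile` parameter handling and the `.csv` allow-list are assumptions made for this illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs, unquote


class TraversalError(ValueError):
    """Raised when a requested export name would escape, or is not permitted in, the export directory."""


def safe_export_path(export_dir: str, requested: str) -> str:
    """Return an absolute path inside export_dir for the requested name, or raise TraversalError.

    Hypothetical hardening written for this example; it is not the plugin's own code.
    """
    if not requested or "\x00" in requested:
        raise TraversalError("empty or NUL-containing export name")
    # Decode once. parse_qs already decoded %2F; a second layer (%252F) stays literal
    # and is then rejected by the allow-list below rather than being re-interpreted.
    name = unquote(requested)
    base = os.path.realpath(export_dir)
    # os.path.join discards `base` when `name` is absolute, so /etc/passwd resolves
    # to itself and fails the containment check instead of silently being accepted.
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        raise TraversalError(f"{requested!r} escapes {export_dir}")
    # Allow-list on top of containment: exports are flat CSV files with an
    # alphanumeric stem, so an in-directory .php file is refused as well.
    stem, ext = os.path.splitext(os.path.basename(candidate))
    if ext.lower() != ".csv" or not stem.isalnum():
        raise TraversalError(f"{requested!r} is not an allowed export file name")
    return candidate


def export_target_from_query(export_dir: str, query: str) -> str:
    """Parse an admin-ajax style query string and resolve its single exportfile value."""
    params = parse_qs(query, keep_blank_values=True)
    values = params.get("exportfile", [])
    if len(values) != 1:
        raise TraversalError("exportfile must be supplied exactly once")
    return safe_export_path(export_dir, values[0])


def demo() -> dict:
    """Run constructed request strings (not captured traffic) against a throwaway export directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        export_dir = os.path.join(tmp, "exports")
        os.mkdir(export_dir)
        cases = {
            "ok": "action=newsletters_exportmultiple&exportfile=subscribers2019.csv",
            "dotdot": "action=newsletters_exportmultiple&exportfile=../wp-config.php",
            "encoded": "action=newsletters_exportmultiple&exportfile=..%2F..%2Fshell.php",
            "absolute": "action=newsletters_exportmultiple&exportfile=/etc/passwd",
            "php_in_dir": "action=newsletters_exportmultiple&exportfile=backdoor.php",
        }
        for label, query in cases.items():
            try:
                export_target_from_query(export_dir, query)
                results[label] = "allowed"
            except TraversalError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:>10}: {verdict}")
```

Containment alone is not enough for this bug class: the exploit in the CVE needs only to write a .php file somewhere the web server will execute it, and an export directory under wp-content usually qualifies, which is why the allow-list on the final name is kept even after the `realpath` check passes.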
CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | |||||
CVE-2019-14786 | 1 Rankmath | 1 Seo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. | |||||
CVE-2019-14785 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | |||||
CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in the CSS editing feature. | |||||
CVE-2019-14783 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
On Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | |||||
CVE-2019-14782 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account. | |||||
CVE-2019-14778 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
CVE-2019-14777 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
CVE-2019-14776 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | |||||
CVE-2019-14774 | 1 Getwooplugins | 1 Woo-variation-swatches | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | |||||
CVE-2019-14773 | 1 Webcraftic | 1 Woody Ad Snippets | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows post deletion via wp-admin/admin-post.php?action=close&post=. | |||||
CVE-2019-14772 | 1 Verdaccio | 1 Verdaccio | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
verdaccio before 3.12.0 allows XSS. | |||||
CVE-2019-14771 | 1 Backdropcms | 1 Backdrop Cms | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) Note: This has been disputed by multiple 3rd parties due to advanced permissions that are needed to exploit. | |||||
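CVE-2019-14771 above is an archive-import trust problem: a configuration synchronisation feature accepts a whole archive and relies on later defences (PHP execution being blocked) rather than refusing members that are not configuration at all. The following is an added example, not Backdrop's code or its actual fix, of the member-level validation such an importer should apply before anything is written to disk: every entry must be a regular file (no symlinks, directories or devices), must be a bare top-level name with no path separators, must match a configuration-file name pattern, must stay under a size cap, and must parse as a JSON object. The `.json` naming rule, the 1 MiB limit and the sample archives are assumptions constructed for this illustration.

```python
import io
import json
import re
import tarfile

# Assumed rule for this example: configuration objects are flat *.json files.
CONFIG_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*\.json$")
MAX_MEMBER_BYTES = 1 << 20  # assumed per-member cap; a config object should never approach this


def archive_violations(data: bytes) -> list[str]:
    """Return the reasons this configuration archive must be rejected (empty list means accept).

    Hypothetical validator written for this example; it is not the CMS's own code.
    """
    problems = []
    try:
        tar = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
    except tarfile.TarError as exc:
        return [f"not a readable tar archive: {exc}"]
    with tar:
        for member in tar.getmembers():
            name = member.name
            # Symlinks and hardlinks can point a later write outside the config
            # directory; directories and devices have no business in a config export.
            if not member.isfile():
                problems.append(f"{name}: not a regular file")
                continue
            # A configuration export is flat: any separator means a path like
            # ../../files/x.json that would land outside the import directory.
            if "/" in name or "\\" in name:
                problems.append(f"{name}: path is not a bare top-level file name")
                continue
            # shell.phtml, x.php, x.py are precisely the "non-configuration scripts"
            # the advisory describes; only the configuration name pattern is allowed.
            if not CONFIG_NAME.match(name):
                problems.append(f"{name}: not an allowed configuration file name")
                continue
            if member.size > MAX_MEMBER_BYTES:
                problems.append(f"{name}: exceeds {MAX_MEMBER_BYTES} bytes")
                continue
            payload = tar.extractfile(member).read()
            try:
                doc = json.loads(payload)
            except ValueError:
                problems.append(f"{name}: body is not valid JSON")
                continue
            if not isinstance(doc, dict):
                problems.append(f"{name}: top-level JSON value must be an object")
    return problems


def build_archive(entries) -> bytes:
    """Construct a gzip tarball in memory. entries: iterable of (name, body_bytes, kind)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body, kind in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = body.decode()
                tar.addfile(info)
            else:
                info.size = len(body)
                tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed sample archives (not real exports): one clean, one carrying every class of bad member.
GOOD_ARCHIVE = build_archive([
    ("system.core.json", json.dumps({"site_name": "example"}).encode(), "file"),
    ("system.date.json", json.dumps({"timezone": "UTC"}).encode(), "file"),
])

BAD_ARCHIVE = build_archive([
    ("system.core.json", b'{"site_name": "example"}', "file"),
    ("shell.phtml", b"<?php system($_GET['c']); ?>", "file"),      # non-configuration script
    ("../../files/escape.json", b"{}", "file"),                    # traversal out of the import dir
    ("link.json", b"/etc/passwd", "symlink"),                      # link instead of a regular file
    ("broken.json", b"{not json", "file"),                         # not parseable configuration
])


if __name__ == "__main__":
    print("good:", archive_violations(GOOD_ARCHIVE) or "accepted")
    for problem in archive_violations(BAD_ARCHIVE):
        print("bad: ", problem)
```

The validator runs entirely on the in-memory member list and never calls `extractall`, so a rejected archive touches no file system path at all; the per-member checks are deliberately ordered so the cheapest structural refusals (type, path shape, name) happen before any member body is read.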
CVE-2019-14770 | 1 Backdropcms | 1 Backdrop Core | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) | |||||
CVE-2019-14769 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) | |||||