CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-13351	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVE-2018-13349	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVE-2018-13342	1 Linhandante	1 Anda	2024-11-21	N/A
The server API in the Anda app relies on hardcoded credentials.
CVE-2018-13339	1 Angular Redactor Project	1 Angular Redactor	2024-11-21	N/A
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.
CVE-2018-13335	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
CVE-2018-13334	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVE-2018-13333	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVE-2018-13331	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVE-2018-13329	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVE-2018-13323	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
CVE-2018-13317	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.
CVE-2018-13312	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
CVE-2018-13310	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.
CVE-2018-13309	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.
CVE-2018-13308	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
CVE-2018-13256	1 Chartered Accountant \	1 Auditor Website Project	2024-11-21	6.1 Medium
PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter.
CVE-2018-13252	1 Entrustdatacard	1 Syntera Customization Suite	2024-11-21	N/A
Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page.
CVE-2018-13137	1 Pixelite	1 Events Manager	2024-11-21	N/A
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
CVE-2018-13136	1 Ultimatemember	1 Ultimate Member	2024-11-21	N/A
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
CVE-2018-13134	1 Tp-link	2 Archer C1200, Archer C1200 Firmware	2024-11-21	N/A
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.

« first previous Page 1998 of 2148. next last »