| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-0343 |
1 Sap |
1 Commerce Cloud |
2019-08-23 |
6.5 |
| SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could... |
| CVE-2019-14786 |
1 Rankmath |
1 Seo |
2019-08-23 |
4.0 |
| The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. |
| CVE-2019-11581 |
1 Atlassian |
1 Jira |
2019-08-19 |
9.3 |
| There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira... |
| CVE-2018-13043 |
2 Debian, Canonical |
3 Devscript, Ubuntu Linux, Devscripts |
2019-08-19 |
7.5 |
| scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. |
| CVE-2015-9298 |
1 Wp-events-plugin |
1 Events Manager |
2019-08-16 |
7.5 |
| The events-manager plugin before 5.6 for WordPress has code injection. |
| CVE-2008-0456 |
1 Apache |
1 Http Server |
2019-08-15 |
2.6 |
| CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to... |
| CVE-2019-14746 |
1 Kuaifan |
1 Kuaifancms |
2019-08-14 |
7.5 |
| A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. |
| CVE-2013-1966 |
1 Apache |
1 Struts |
2019-08-12 |
9.3 |
| Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. |
| CVE-2013-1965 |
1 Apache |
2 Struts2-showcase, Struts |
2019-08-12 |
9.3 |
| Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. |
| CVE-2018-20931 |
1 Cpanel |
1 Cpanel |
2019-08-12 |
6.5 |
| cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). |
| CVE-2017-18468 |
1 Cpanel |
1 Cpanel |
2019-08-12 |
6.5 |
| cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). |
| CVE-2019-7903 |
1 Magento |
1 Magento |
2019-08-09 |
6.5 |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a... |
| CVE-2019-7932 |
1 Magento |
1 Magento |
2019-08-09 |
6.5 |
| A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin... |
| CVE-2019-14242 |
|
|
2019-08-08 |
7.2 |
| An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to... |
| CVE-2019-9140 |
1 Happypointcard |
1 Happypoint |
2019-08-08 |
5.8 |
| When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this... |
| CVE-2011-3186 |
1 Rubyonrails |
2 Ruby On Rails, Rails |
2019-08-08 |
4.3 |
| CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. |
| CVE-2006-4111 |
1 Rubyonrails |
2 Ruby On Rails, Rails |
2019-08-08 |
7.5 |
| Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. |
| CVE-2019-5450 |
1 Nextcloud |
1 Nextcloud |
2019-08-08 |
4.6 |
| Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. |
| CVE-2018-20896 |
1 Cpanel |
1 Cpanel |
2019-08-07 |
3.3 |
| cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). |
| CVE-2019-7942 |
1 Magento |
1 Magento |
2019-08-07 |
6.5 |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious... |
