Vulnerabilities (CVE)

CWE filter

CWE-94

2412 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0343 1 Sap 1 Commerce Cloud 2019-08-23 6.5
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could...
CVE-2019-14786 1 Rankmath 1 Seo 2019-08-23 4.0
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
CVE-2019-11581 1 Atlassian 1 Jira 2019-08-19 9.3
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira...
CVE-2018-13043 2 Debian, Canonical 3 Devscript, Ubuntu Linux, Devscripts 2019-08-19 7.5
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
CVE-2015-9298 1 Wp-events-plugin 1 Events Manager 2019-08-16 7.5
The events-manager plugin before 5.6 for WordPress has code injection.
CVE-2008-0456 1 Apache 1 Http Server 2019-08-15 2.6
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to...
CVE-2019-14746 1 Kuaifan 1 Kuaifancms 2019-08-14 7.5
An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVE-2013-1966 1 Apache 1 Struts 2019-08-12 9.3
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
CVE-2013-1965 1 Apache 2 Struts2-showcase, Struts 2019-08-12 9.3
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
CVE-2018-20931 1 Cpanel 1 Cpanel 2019-08-12 6.5
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
CVE-2017-18468 1 Cpanel 1 Cpanel 2019-08-12 6.5
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
CVE-2019-7903 1 Magento 1 Magento 2019-08-09 6.5
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a...
CVE-2019-7932 1 Magento 1 Magento 2019-08-09 6.5
A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin...
CVE-2019-14242 2019-08-08 7.2
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to...
CVE-2019-9140 1 Happypointcard 1 Happypoint 2019-08-08 5.8
When processing the Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions do not check the Deeplink URL correctly. This could lead to JavaScript code execution, URL redirection, and sensitive information disclosure. An attacker can exploit this...
CVE-2011-3186 1 Rubyonrails 2 Ruby On Rails, Rails 2019-08-08 4.3
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
CVE-2006-4111 1 Rubyonrails 2 Ruby On Rails, Rails 2019-08-08 7.5
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
CVE-2019-5450 1 Nextcloud 1 Nextcloud 2019-08-08 4.6
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed the directory name in the header bar to be styled when using basic HTML.
CVE-2018-20896 1 Cpanel 1 Cpanel 2019-08-07 3.3
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
CVE-2019-7942 1 Magento 1 Magento 2019-08-07 6.5
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious...