CVE-2019-1020019 CVSS:4.3
invenio-previewer before 1.0.0a12 allows XSS. (Last Update:2019-07-31) (Publish Update:2019-07-29)
CVE-2019-1020018 CVSS:7.5
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. (Last Update:2019-10-09) (Publish Update:2019-07-29)
CVE-2019-1020017 CVSS:5.0
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. (Last Update:2019-10-09) (Publish Update:2019-07-29)
CVE-2019-1020016 CVSS:5.8
ASH-AIO before 2.0.0.3 allows an open redirect. (Last Update:2019-08-01) (Publish Update:2019-07-29)
CVE-2019-1020015 CVSS:5.0
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. (Last Update:2019-08-05) (Publish Update:2019-07-29)
CVE-2019-1020014 CVSS:2.1
docker-credential-helpers before 0.6.3 has a double free in the List functions. (Last Update:2019-08-19) (Publish Update:2019-07-29)
CVE-2019-1020013 CVSS:5.0
parse-server before 3.6.0 allows account enumeration. (Last Update:2019-08-01) (Publish Update:2019-07-29)
CVE-2019-1020012 CVSS:5.0
parse-server before 3.4.1 allows DoS after any POST to a volatile class. (Last Update:2019-08-02) (Publish Update:2019-07-29)
CVE-2019-1020011 CVSS:6.5
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. (Last Update:2019-10-09) (Publish Update:2019-07-29)
CVE-2019-1020010 CVSS:4.3
Misskey before 10.102.4 allows hijacking a user's token. (Last Update:2019-09-05) (Publish Update:2019-07-29)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com