Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11699 1 Mozilla 1 Firefox 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67.
CVE-2019-11695 1 Mozilla 1 Firefox 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox < 67.
CVE-2019-11680 1 Konakart 1 Konakart 2026-06-17 7.5 HIGH 9.8 CRITICAL
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.
CVE-2019-11669 1 Microfocus 1 Service Manager 2026-06-17 5.0 MEDIUM 7.5 HIGH
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
CVE-2019-11668 1 Microfocus 3 Service Manager, Service Manager Chat Server, Service Manager Chat Service 2026-06-17 5.0 MEDIUM 7.5 HIGH
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62.
CVE-2019-11667 1 Microfocus 1 Service Manager 2026-06-17 5.0 MEDIUM 7.5 HIGH
Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.
CVE-2019-11665 1 Microfocus 1 Service Manager 2026-06-17 5.0 MEDIUM 7.5 HIGH
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
CVE-2019-11661 1 Microfocus 1 Service Manager 2026-06-17 6.5 MEDIUM 8.3 HIGH
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.
CVE-2019-11653 1 Microfocus 1 Content Manager 2026-06-17 5.5 MEDIUM 5.4 MEDIUM
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.
CVE-2019-11652 1 Microfocus 1 Netiq Self Service Password Reset 2026-06-17 7.5 HIGH 9.8 CRITICAL
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
CVE-2019-11650 1 Microfocus 1 Netiq Advanced Authentication 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
CVE-2019-11646 1 Microfocus 1 Service Manager 2026-06-17 9.0 HIGH 8.8 HIGH
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information.
CVE-2019-11634 1 Citrix 2 Receiver, Workspace 2026-06-17 7.5 HIGH 9.8 CRITICAL
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
CVE-2019-11616 1 Doorgets 1 Doorgets Cms 2026-06-17 5.0 MEDIUM 9.8 CRITICAL
doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password.
CVE-2019-11583 1 Atlassian 1 Jira 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".
CVE-2019-11580 1 Atlassian 1 Crowd 2026-06-17 7.5 HIGH 9.8 CRITICAL
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
CVE-2019-11561 1 Chuango 20 A11, A11 Firmware, A8 and 17 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
CVE-2019-11544 1 Gitlab 1 Gitlab 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events.
CVE-2019-11541 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2026-06-17 5.0 MEDIUM 7.5 HIGH
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
CVE-2019-11540 2 Ivanti, Pulsesecure 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure 2026-06-17 7.5 HIGH 9.8 CRITICAL
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.