Export limit exceeded: 340949 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76899 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21688 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 8.8 High |
| A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | ||||
| CVE-2020-21667 | 1 Fastadmin-tp6 Project | 1 Fastadmin-tp6 | 2024-11-21 | 7.2 High |
| In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. | ||||
| CVE-2020-21665 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 7.2 High |
| In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | ||||
| CVE-2020-21654 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.2 High |
| emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file. | ||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.8 High |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | ||||
| CVE-2020-21649 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.1 High |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | ||||
| CVE-2020-21641 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | 7.5 High |
| Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | ||||
| CVE-2020-21627 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2024-11-21 | 7.5 High |
| Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors. | ||||
| CVE-2020-21598 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | 8.8 High |
| libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. | ||||
| CVE-2020-21574 | 1 C-http Project | 1 C-http | 2024-11-21 | 7.5 High |
| Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function. | ||||
| CVE-2020-21572 | 1 Gilcc Project | 1 Gilcc | 2024-11-21 | 7.5 High |
| Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service. | ||||
| CVE-2020-21564 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. | ||||
| CVE-2020-21554 | 1 Tinyrise | 1 Tinyshop | 2024-11-21 | 8.1 High |
| A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. | ||||
| CVE-2020-21548 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 8.8 High |
| Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. | ||||
| CVE-2020-21547 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 8.8 High |
| Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. | ||||
| CVE-2020-21527 | 1 Halo | 1 Halo | 2024-11-21 | 7.7 High |
| There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal. | ||||
| CVE-2020-21525 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 High |
| Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | ||||
| CVE-2020-21503 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 7.5 High |
| waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | ||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | ||||
| CVE-2020-21481 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file. | ||||