Export limit exceeded: 343750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75251 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28736 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | ||||
| CVE-2020-28735 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | ||||
| CVE-2020-28734 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | ||||
| CVE-2020-28723 | 1 Cloudavid | 1 Pparam | 2024-11-21 | 7.5 High |
| Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. | ||||
| CVE-2020-28702 | 1 Pybbs Project | 1 Pybbs | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. | ||||
| CVE-2020-28695 | 1 Askey | 2 Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7, Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7 Firmware | 2024-11-21 | 8.8 High |
| Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | ||||
| CVE-2020-28693 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 8.8 High |
| An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | ||||
| CVE-2020-28692 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.2 High |
| In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. | ||||
| CVE-2020-28688 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-11-21 | 8.8 High |
| The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28687 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-11-21 | 8.8 High |
| The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | ||||
| CVE-2020-28672 | 1 Monocms | 1 Monocms | 2024-11-21 | 7.2 High |
| MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE. | ||||
| CVE-2020-28649 | 1 Orbisius | 1 Child Theme Creator | 2024-11-21 | 8.8 High |
| The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. | ||||
| CVE-2020-28648 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | ||||
| CVE-2020-28646 | 1 Owncloud | 1 Owncloud Desktop Client | 2024-11-21 | 7.8 High |
| ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | ||||
| CVE-2020-28641 | 1 Malwarebytes | 2 Endpoint Protection, Malwarebytes | 2024-11-21 | 7.1 High |
| In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. | ||||
| CVE-2020-28635 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 8.8 High |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet(). | ||||
| CVE-2020-28627 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 8.8 High |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects(). | ||||
| CVE-2020-28617 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 8.8 High |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last(). | ||||
| CVE-2020-28603 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 8.8 High |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev(). | ||||