Search Results (74786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24165 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 8.8 High |
| An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. | ||||
| CVE-2020-24164 | 1 Taoensso | 1 Nippy | 2024-11-21 | 7.8 High |
| A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. | ||||
| CVE-2020-24162 | 1 Tencent | 1 Tencent | 2024-11-21 | 7.8 High |
| The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24161 | 1 163 | 1 Netease Mail Master | 2024-11-21 | 7.8 High |
| Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24160 | 1 Tencent | 1 Tim | 2024-11-21 | 7.8 High |
| Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-24159 | 1 163 | 1 Netease Youdao Dictionary | 2024-11-21 | 7.8 High |
| NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. | ||||
| CVE-2020-24158 | 1 360 | 1 Speed Browser | 2024-11-21 | 7.8 High |
| 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. | ||||
| CVE-2020-24149 | 1 Secondline | 1 Podcast Importer Secondline | 2024-11-21 | 7.5 High |
| Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | ||||
| CVE-2020-24146 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 8.1 High |
| Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. | ||||
| CVE-2020-24144 | 1 Media File Organizer Project | 1 Media File Organizer | 2024-11-21 | 8.6 High |
| Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. | ||||
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 7.5 High |
| Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. | ||||
| CVE-2020-24140 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.3 High |
| Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute commands on local services. | ||||
| CVE-2020-24139 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.3 High |
| Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute commands on local services. | ||||
| CVE-2020-24136 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.6 High |
| Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. | ||||
| CVE-2020-24130 | 1 Ponzu-cms | 1 Ponzu | 2024-11-21 | 8.1 High |
| A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | ||||
| CVE-2020-24102 | 1 Evenbalance | 1 Punkbuster | 2024-11-21 | 7.6 High |
| Directory traversal vulnerability in Punkbuster pbsv.d64 2.351 allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-24088 | 2 Foxconn, Microsoft | 2 Live Update Utility, Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in the MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26 that allows local attackers to escalate privileges. | ||||
| CVE-2020-24063 | 1 Canto | 1 Canto | 2024-11-21 | 7.2 High |
| The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | ||||
| CVE-2020-24057 | 1 Verint | 2 S5120fd, S5120fd Firmware | 2024-11-21 | 8.8 High |
| The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'. | ||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2024-11-21 | 7.5 High |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | ||||