Search Results (77065 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28461 | 1 Js-ini Project | 1 Js-ini | 2024-11-21 | 7.3 High |
| This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28459 | 1 Markdown-it-decorate Project | 1 Markdown-it-decorate | 2024-11-21 | 7.3 High |
| This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. | ||||
| CVE-2020-28458 | 2 Datatables, Redhat | 3 Datatables.net, Rhev Hypervisor, Rhev Manager | 2024-11-21 | 7.3 High |
| All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | ||||
| CVE-2020-28457 | 1 S-cart | 1 S-cart | 2024-11-21 | 7.2 High |
| This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. | ||||
| CVE-2020-28456 | 1 S-cart | 1 S-cart | 2024-11-21 | 7.3 High |
| The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel. | ||||
| CVE-2020-28455 | 1 Markdown-it-toc Project | 1 Markdown-it-toc | 2024-11-21 | 7.3 High |
| This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. | ||||
| CVE-2020-28450 | 1 Decal Project | 1 Decal | 2024-11-21 | 8.6 High |
| This affects all versions of package decal. The vulnerability is in the extend function. | ||||
| CVE-2020-28449 | 1 Decal Project | 1 Decal | 2024-11-21 | 8.6 High |
| This affects all versions of package decal. The vulnerability is in the set function. | ||||
| CVE-2020-28442 | 1 Js-data | 1 Js-data | 2024-11-21 | 7.5 High |
| All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function. | ||||
| CVE-2020-28441 | 1 Conf-cfg-ini Project | 1 Conf-cfg-ini | 2024-11-21 | 7.3 High |
| This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2024-11-21 | 7.3 High |
| This affects all versions of package google-cloudstorage-commands. | ||||
| CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2024-11-21 | 7.3 High |
| This affects all versions of package node-latex-pdf. | ||||
| CVE-2020-28429 | 1 Geojson2kml Project | 1 Geojson2kml | 2024-11-21 | 7.3 High |
| All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){}) | ||||
| CVE-2020-28426 | 1 Kill-process-on-port Project | 1 Kill-process-on-port | 2024-11-21 | 7.3 High |
| All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId. | ||||
| CVE-2020-28425 | 1 Curljs Project | 1 Curljs | 2024-11-21 | 7.3 High |
| This affects all versions of package curljs. | ||||
| CVE-2020-28424 | 1 S3-kilatstorage Project | 1 S3-kilatstorage | 2024-11-21 | 7.2 High |
| This affects all versions of package s3-kilatstorage. | ||||
| CVE-2020-28421 | 2 Broadcom, Microsoft | 2 Unified Infrastructure Management, Windows | 2024-11-21 | 7.8 High |
| CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. | ||||
| CVE-2020-28419 | 1 Hp | 1503 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy15a, Laserjet Managed Mfp E62665 3gy16a and 1500 more | 2024-11-21 | 8.8 High |
| During installation with certain driver software or application packages an arbitrary code execution could occur. | ||||
| CVE-2020-28416 | 1 Hp | 310 Officejet 250 Cz992a, Officejet 250 Cz992a Firmware, Officejet 250c L9d57a and 307 more | 2024-11-21 | 7.8 High |
| HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. | ||||
| CVE-2020-28407 | 1 Swtpm Project | 1 Swtpm | 2024-11-21 | 7.1 High |
| In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | ||||