Search Results (76920 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23264 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allows remote attackers to hijack the authentication of logged-in administrators. | ||||
| CVE-2020-23219 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 8.8 High |
| Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | ||||
| CVE-2020-23162 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 7.5 High |
| Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials. | ||||
| CVE-2020-23160 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 8.8 High |
| Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to execute arbitrary commands as root on the devices. | ||||
| CVE-2020-23150 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | ||||
| CVE-2020-23149 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 High |
| The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | ||||
| CVE-2020-23148 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 High |
| The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform an LDAP injection and obtain sensitive information via a crafted POST request. | ||||
| CVE-2020-23140 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.1 High |
| Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active. | ||||
| CVE-2020-23127 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 8.8 High |
| Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | ||||
| CVE-2020-23109 | 1 Struktur | 1 Libheif | 2024-11-21 | 8.1 High |
| Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2 allows attackers to cause a denial of service and disclose sensitive information via a crafted HEIF file. | ||||
| CVE-2020-23079 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 High |
| SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | ||||
| CVE-2020-23061 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 7.5 High |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | ||||
| CVE-2020-23060 | 1 Tonec | 1 Internet Download Manager | 2024-11-21 | 7.1 High |
| Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. | ||||
| CVE-2020-23050 | 1 Taotesting | 1 Tao Assessment Platform | 2024-11-21 | 8.0 High |
| TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain an HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. | ||||
| CVE-2020-23045 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 7.2 High |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. | ||||
| CVE-2020-23043 | 1 Air Sender Project | 1 Air Sender | 2024-11-21 | 8.8 High |
| Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2020-23040 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 7.5 High |
| Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | ||||
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2024-11-21 | 7.5 High |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | ||||
| CVE-2020-23026 | 1 Dhrystone Project | 1 Dhrystone | 2024-11-21 | 7.5 High |
| A NULL pointer dereference in the main() function in dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). | ||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 8.1 High |
| A Server-Side Request Forgery (SSRF) vulnerability in MicroStrategy Web SDK 11.1 and earlier allows remote unauthenticated attackers to conduct an SSRF attack via the srcURL parameter to the shortURL task. | ||||