Export limit exceeded: 336160 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336160 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37021 | 2 10-strike, Nsasoft | 2 Bandwidth Monitor, Network Bandwidth Monitor | 2026-03-05 | 7.8 High |
| 10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup. | ||||
| CVE-2020-37020 | 1 Sonarsource | 1 Sonarqube | 2026-03-05 | 7.8 High |
| SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart. | ||||
| CVE-2020-37019 | 1 Orchardcore | 2 Orchard Core, Orchardcore | 2026-03-05 | 6.4 Medium |
| Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers. | ||||
| CVE-2020-37018 | 1 Goautodial | 2 Goautodial, Goautodial Api | 2026-03-05 | 6.4 Medium |
| GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session cookies or executing client-side attacks. | ||||
| CVE-2020-37017 | 1 Wibu | 1 Codemeter | 2026-03-05 | 7.8 High |
| CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions. | ||||
| CVE-2020-37014 | 1 Tryton | 2 Tryton, Trytond | 2026-03-05 | 6.4 Medium |
| Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces. | ||||
| CVE-2020-37011 | 1 Gnome | 2 Fonts Viewer, Gnome-font-viewer | 2026-03-05 | 7.5 High |
| Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process. | ||||
| CVE-2020-37009 | 1 Meddream | 1 Pacs Server | 2026-03-05 | 8.8 High |
| MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges. | ||||
| CVE-2020-37007 | 1 Salihciftci | 1 Liman | 2026-03-05 | 5.3 Medium |
| Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unauthorized requests. | ||||
| CVE-2020-37003 | 2 Sellacious, Totalshopuk | 2 Ecommerce, Ecommerce | 2026-03-05 | 6.4 Medium |
| Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules. | ||||
| CVE-2020-37002 | 1 Ajenti | 1 Ajenti | 2026-03-05 | 9.8 Critical |
| Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port. | ||||
| CVE-2020-37001 | 2 Frigate, Frigate3 | 2 Frigate, Frigate Professional | 2026-03-05 | 8.4 High |
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload. | ||||
| CVE-2020-36996 | 1 Php-fusion | 1 Phpfusion | 2026-03-05 | 6.4 Medium |
| PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execution in victim browsers. | ||||
| CVE-2020-36994 | 2 Qlik, Qliktech International | 2 Qlikview, Qlikview | 2026-03-05 | 6.2 Medium |
| QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality. | ||||
| CVE-2020-36993 | 1 Limesurvey | 1 Limesurvey | 2026-03-05 | 5.4 Medium |
| LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts. | ||||
| CVE-2020-36992 | 1 Nordvpn | 1 Nordvpn | 2026-03-05 | 7.8 High |
| Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions. | ||||
| CVE-2020-36985 | 2 Gearboxcomputers, Panasonic | 2 Ip Watcher, Kw Watcher | 2026-03-05 | 7.8 High |
| IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup. | ||||
| CVE-2020-36983 | 2 Pablo Software Solutions, Pablosoftwaresolutions | 2 Quick N Easy Ftp Server, Quick \'n Easy Web Server | 2026-03-05 | 7.8 High |
| Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart. | ||||
| CVE-2020-36978 | 1 Froxlor | 1 Froxlor | 2026-03-05 | 6.4 Medium |
| Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules. | ||||
| CVE-2020-36974 | 1 Realtek | 2 Andrea Rt Filters, Realtek Sdk Firmware | 2026-03-05 | 7.8 High |
| Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would execute during service startup or system reboot. | ||||