Search Results (76274 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10241 | 1 Joomla | 1 Joomla! | 2024-11-21 | 8.8 High |
| An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. | ||||
| CVE-2020-10239 | 1 Joomla | 1 Joomla! | 2024-11-21 | 8.8 High |
| An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. | ||||
| CVE-2020-10238 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 High |
| An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. | ||||
| CVE-2020-10235 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 8.8 High |
| An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php. | ||||
| CVE-2020-10231 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-11-21 | 7.5 High |
| TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. | ||||
| CVE-2020-10229 | 1 Vtenext | 1 Vtenext | 2024-11-21 | 8.8 High |
| A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. | ||||
| CVE-2020-10228 | 1 Vtenext | 1 Vtenext | 2024-11-21 | 8.8 High |
| A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. | ||||
| CVE-2020-10223 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 8.1 High |
| npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. | ||||
| CVE-2020-10222 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 8.1 High |
| npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. | ||||
| CVE-2020-10216 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||||
| CVE-2020-10215 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||||
| CVE-2020-10214 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. | ||||
| CVE-2020-10213 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||||
| CVE-2020-10209 | 1 Amino | 12 Ak45x, Ak45x Firmware, Ak5xx and 9 more | 2024-11-21 | 8.1 High |
| Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. | ||||
| CVE-2020-10204 | 1 Sonatype | 1 Nexus | 2024-11-21 | 7.2 High |
| Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. | ||||
| CVE-2020-10193 | 1 Eset | 6 Cyber Security, Internet Security, Mobile Security and 3 more | 2024-11-21 | 7.5 High |
| ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. | ||||
| CVE-2020-10190 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 8.8 High |
| An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. | ||||
| CVE-2020-10187 | 1 Doorkeeper Project | 1 Doorkeeper | 2024-11-21 | 7.5 High |
| Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. | ||||
| CVE-2020-10185 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-11-21 | 8.6 High |
| The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud. | ||||
| CVE-2020-10184 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2024-11-21 | 7.5 High |
| The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. | ||||