Export limit exceeded: 336242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336242 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37037 | 1 Avast | 2 Secureline, Secureline Vpn | 2026-03-05 | 7.8 High |
| Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup. | ||||
| CVE-2020-37032 | 1 Wftpserver | 1 Wing Ftp Server | 2026-03-05 | 8.8 High |
| Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function. | ||||
| CVE-2020-37030 | 1 Getoutline | 1 Outline | 2026-03-05 | 7.8 High |
| Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in C:\Program Files (x86)\Outline to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||
| CVE-2020-37028 | 1 Socusoft | 1 Photo 2 Video Converter | 2026-03-05 | 8.4 High |
| Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer overflow and potentially execute shellcode. | ||||
| CVE-2020-37022 | 2 Openz, Sap | 2 Erp, Erp | 2026-03-05 | 6.4 Medium |
| OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules. | ||||
| CVE-2020-37021 | 2 10-strike, Nsasoft | 2 Bandwidth Monitor, Network Bandwidth Monitor | 2026-03-05 | 7.8 High |
| 10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup. | ||||
| CVE-2020-37020 | 1 Sonarsource | 1 Sonarqube | 2026-03-05 | 7.8 High |
| SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart. | ||||
| CVE-2020-37019 | 1 Orchardcore | 2 Orchard Core, Orchardcore | 2026-03-05 | 6.4 Medium |
| Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers. | ||||
| CVE-2020-37018 | 1 Goautodial | 2 Goautodial, Goautodial Api | 2026-03-05 | 6.4 Medium |
| GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session cookies or executing client-side attacks. | ||||
| CVE-2020-37017 | 1 Wibu | 1 Codemeter | 2026-03-05 | 7.8 High |
| CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions. | ||||
| CVE-2020-37014 | 1 Tryton | 2 Tryton, Trytond | 2026-03-05 | 6.4 Medium |
| Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces. | ||||
| CVE-2020-37011 | 1 Gnome | 2 Fonts Viewer, Gnome-font-viewer | 2026-03-05 | 7.5 High |
| Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process. | ||||
| CVE-2020-37009 | 1 Meddream | 1 Pacs Server | 2026-03-05 | 8.8 High |
| MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges. | ||||
| CVE-2020-37007 | 1 Salihciftci | 1 Liman | 2026-03-05 | 5.3 Medium |
| Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unauthorized requests. | ||||
| CVE-2020-37003 | 2 Sellacious, Totalshopuk | 2 Ecommerce, Ecommerce | 2026-03-05 | 6.4 Medium |
| Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules. | ||||
| CVE-2020-37002 | 1 Ajenti | 1 Ajenti | 2026-03-05 | 9.8 Critical |
| Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port. | ||||
| CVE-2020-37001 | 2 Frigate, Frigate3 | 2 Frigate, Frigate Professional | 2026-03-05 | 8.4 High |
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload. | ||||
| CVE-2020-36996 | 1 Php-fusion | 1 Phpfusion | 2026-03-05 | 6.4 Medium |
| PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execution in victim browsers. | ||||
| CVE-2020-36994 | 2 Qlik, Qliktech International | 2 Qlikview, Qlikview | 2026-03-05 | 6.2 Medium |
| QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality. | ||||
| CVE-2020-36993 | 1 Limesurvey | 1 Limesurvey | 2026-03-05 | 5.4 Medium |
| LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts. | ||||