Export limit exceeded: 364098 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364098 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2024-11-21 | 8.2 High |
| This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. | ||||
| CVE-2020-7738 | 1 Shiba Project | 1 Shiba | 2024-11-21 | 8.3 High |
| All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad(). | ||||
| CVE-2020-7737 | 1 Safetydance Project | 1 Safetydance | 2024-11-21 | 7.3 High |
| All versions of package safetydance are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7736 | 1 Bmoor Project | 1 Bmoor | 2024-11-21 | 7.3 High |
| The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7735 | 1 Ng-packagr Project | 1 Ng-packagr | 2024-11-21 | 6.6 Medium |
| The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option. | ||||
| CVE-2020-7734 | 1 Arachnys | 1 Cabot | 2024-11-21 | 8.2 High |
| All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. | ||||
| CVE-2020-7733 | 3 Oracle, Redhat, Ua-parser-js Project | 3 Communications Cloud Native Core Network Function Cloud Native Environment, Rhev Manager, Ua-parser-js | 2024-11-21 | 7.5 High |
| The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | ||||
| CVE-2020-7731 | 1 Gosaml2 Project | 1 Gosaml2 | 2024-11-21 | 7.5 High |
| This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | ||||
| CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-11-21 | 9.8 Critical |
| The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. | ||||
| CVE-2020-7729 | 3 Canonical, Debian, Gruntjs | 3 Ubuntu Linux, Debian Linux, Grunt | 2024-11-21 | 7.1 High |
| The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | ||||
| CVE-2020-7727 | 1 Gedi Project | 1 Gedi | 2024-11-21 | 9.8 Critical |
| All versions of package gedi are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7726 | 1 Safe-object2 Project | 1 Safe-object2 | 2024-11-21 | 9.8 Critical |
| All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | ||||
| CVE-2020-7725 | 1 Guidesmiths | 1 Worksmith | 2024-11-21 | 9.8 Critical |
| All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. | ||||
| CVE-2020-7724 | 1 Tiny-conf Project | 1 Tiny-conf | 2024-11-21 | 9.8 Critical |
| All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7723 | 1 Yola | 1 Promisehelpers | 2024-11-21 | 9.8 Critical |
| All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. | ||||
| CVE-2020-7722 | 1 Nodee-utils Project | 1 Nodee-utils | 2024-11-21 | 9.8 Critical |
| All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. | ||||
| CVE-2020-7721 | 1 Node-oojs Project | 1 Node-oojs | 2024-11-21 | 9.8 Critical |
| All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. | ||||
| CVE-2020-7720 | 2 Digitalbazaar, Redhat | 3 Forge, Ansible Tower, Openshift Container Storage | 2024-11-21 | 9.8 Critical |
| The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. | ||||
| CVE-2020-7719 | 1 Locutus | 1 Locutus | 2024-11-21 | 9.8 Critical |
| Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. | ||||
| CVE-2020-7718 | 1 Gammautils Project | 1 Gammautils | 2024-11-21 | 9.8 Critical |
| All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. | ||||