Export limit exceeded: 366977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366977 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7989 | 1 Adive | 1 Framework | 2024-11-21 | 6.1 Medium |
| Adive Framework 2.0.8 has admin/user/add userUsername XSS. | ||||
| CVE-2020-7988 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 8.8 High |
| An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens. | ||||
| CVE-2020-7984 | 1 Solarwinds | 1 N-central | 2024-11-21 | 7.5 High |
| SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. | ||||
| CVE-2020-7983 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 8.1 High |
| A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. | ||||
| CVE-2020-7982 | 1 Openwrt | 2 Lede, Openwrt | 2024-11-21 | 8.1 High |
| An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | ||||
| CVE-2020-7981 | 1 Rubygeocoder | 1 Geocoder | 2024-11-21 | 9.8 Critical |
| sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. | ||||
| CVE-2020-7980 | 1 Intelliantech | 1 Aptus Web | 2024-11-21 | 9.8 Critical |
| Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | ||||
| CVE-2020-7979 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | ||||
| CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | ||||
| CVE-2020-7977 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. | ||||
| CVE-2020-7976 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. | ||||
| CVE-2020-7974 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | ||||
| CVE-2020-7973 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| GitLab through 12.7.2 allows XSS. | ||||
| CVE-2020-7972 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | ||||
| CVE-2020-7971 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| GitLab EE 11.0 and later through 12.7.2 allows XSS. | ||||
| CVE-2020-7969 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | ||||
| CVE-2020-7968 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | ||||
| CVE-2020-7967 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). | ||||
| CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | ||||
| CVE-2020-7965 | 1 Webargs Project | 1 Webargs | 2024-11-21 | 8.8 High |
| flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF. | ||||