Export limit exceeded: 366292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366292 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5595 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2024-11-21 | 9.8 Critical |
| TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | ||||
| CVE-2020-5594 | 1 Mitsubishielectric | 10 Melsec-fx, Melsec-fx Firmware, Melsec-l and 7 more | 2024-11-21 | 9.8 Critical |
| Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. | ||||
| CVE-2020-5593 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 8.8 High |
| Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file. | ||||
| CVE-2020-5592 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors. | ||||
| CVE-2020-5591 | 1 Xack | 1 Xack Dns | 2024-11-21 | 7.5 High |
| XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack. | ||||
| CVE-2020-5590 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 8.1 High |
| Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | ||||
| CVE-2020-5589 | 1 Sony | 22 Wf-1000x, Wf-1000x Firmware, Wf-sp700n and 19 more | 2024-11-21 | 8.8 High |
| SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | ||||
| CVE-2020-5588 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.9 Medium |
| Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | ||||
| CVE-2020-5587 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 Medium |
| Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors. | ||||
| CVE-2020-5586 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.8 Medium |
| Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2020-5585 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.8 Medium |
| Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2020-5584 | 1 Cybozu | 1 Garoon | 2024-11-21 | 7.5 High |
| Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. | ||||
| CVE-2020-5583 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 Medium |
| Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors. | ||||
| CVE-2020-5582 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors. | ||||
| CVE-2020-5581 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 Medium |
| Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. | ||||
| CVE-2020-5580 | 1 Cybozu | 1 Garoon | 2024-11-21 | 8.1 High |
| Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. | ||||
| CVE-2020-5579 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 7.2 High |
| SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2020-5577 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 8.8 High |
| Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. | ||||
| CVE-2020-5576 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2020-5575 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | ||||