Export limit exceeded: 366292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-5595 1 Mitsubishielectric 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more 2024-11-21 9.8 Critical
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
CVE-2020-5594 1 Mitsubishielectric 10 Melsec-fx, Melsec-fx Firmware, Melsec-l and 7 more 2024-11-21 9.8 Critical
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.
CVE-2020-5593 1 Zenphoto 1 Zenphoto 2024-11-21 8.8 High
Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
CVE-2020-5592 1 Zenphoto 1 Zenphoto 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors.
CVE-2020-5591 1 Xack 1 Xack Dns 2024-11-21 7.5 High
XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.
CVE-2020-5590 1 Ec-cube 1 Ec-cube 2024-11-21 8.1 High
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
CVE-2020-5589 1 Sony 22 Wf-1000x, Wf-1000x Firmware, Wf-sp700n and 19 more 2024-11-21 8.8 High
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.
CVE-2020-5588 1 Cybozu 1 Garoon 2024-11-21 4.9 Medium
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
CVE-2020-5587 1 Cybozu 1 Garoon 2024-11-21 6.5 Medium
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
CVE-2020-5586 1 Cybozu 1 Garoon 2024-11-21 4.8 Medium
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
CVE-2020-5585 1 Cybozu 1 Garoon 2024-11-21 4.8 Medium
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
CVE-2020-5584 1 Cybozu 1 Garoon 2024-11-21 7.5 High
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
CVE-2020-5583 1 Cybozu 1 Garoon 2024-11-21 6.5 Medium
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
CVE-2020-5582 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
CVE-2020-5581 1 Cybozu 1 Garoon 2024-11-21 6.5 Medium
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
CVE-2020-5580 1 Cybozu 1 Garoon 2024-11-21 8.1 High
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
CVE-2020-5579 1 Strangerstudios 1 Paid Memberships Pro 2024-11-21 7.2 High
SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2020-5577 1 Sixapart 1 Movable Type 2024-11-21 8.8 High
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.
CVE-2020-5576 1 Sixapart 1 Movable Type 2024-11-21 8.8 High
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5575 1 Sixapart 1 Movable Type 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.