Export limit exceeded: 364053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364053 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 High |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | ||||
| CVE-2020-28144 | 1 Moxa | 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more | 2024-11-21 | 9.8 Critical |
| Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution. | ||||
| CVE-2020-28141 | 1 Online Discussion Forum Project | 1 Online Discussion Forum | 2024-11-21 | 5.4 Medium |
| The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page. | ||||
| CVE-2020-28140 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 9.8 Critical |
| SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | ||||
| CVE-2020-28139 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 6.1 Medium |
| SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php. | ||||
| CVE-2020-28138 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 9.8 Critical |
| SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. | ||||
| CVE-2020-28137 | 1 Genexis | 2 Platinum 4410, Platinum 4410 Firmware | 2024-11-21 | 6.5 Medium |
| Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. | ||||
| CVE-2020-28136 | 1 Phpgurukul | 1 Tourism Management System | 2024-11-21 | 8.8 High |
| An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | ||||
| CVE-2020-28133 | 1 Simple Grocery Store Sales And Inventory Sales Project | 1 Simple Grocery Store Sales And Inventory System | 2024-11-21 | 9.8 Critical |
| An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. | ||||
| CVE-2020-28130 | 1 Online Library Management System Project | 1 Online Library Management System | 2024-11-21 | 9.8 Critical |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | ||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | ||||
| CVE-2020-28119 | 1 53kf | 1 53kf | 2024-11-21 | 6.1 Medium |
| Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window. | ||||
| CVE-2020-28115 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | ||||
| CVE-2020-28103 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
| cscms v4.1 allows for SQL injection via the "page_del" function. | ||||
| CVE-2020-28102 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
| cscms v4.1 allows for SQL injection via the "js_del" function. | ||||
| CVE-2020-28097 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2024-11-21 | 5.9 Medium |
| The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. | ||||
| CVE-2020-28096 | 1 Foscammall | 2 Foscam X1, Foscam X1 Firmware | 2024-11-21 | 6.8 Medium |
| FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. | ||||
| CVE-2020-28094 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 7.5 High |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. | ||||
| CVE-2020-28093 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 7.2 High |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. | ||||
| CVE-2020-28092 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.1 Medium |
| PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id= | ||||