Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28133 | 1 Simple Grocery Store Sales And Inventory Sales Project | 1 Simple Grocery Store Sales And Inventory System | 2024-11-21 | 9.8 Critical |
| An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. | ||||
| CVE-2020-28130 | 1 Online Library Management System Project | 1 Online Library Management System | 2024-11-21 | 9.8 Critical |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | ||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | ||||
| CVE-2020-28119 | 1 53kf | 1 53kf | 2024-11-21 | 6.1 Medium |
| Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window. | ||||
| CVE-2020-28115 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | ||||
| CVE-2020-28103 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
| cscms v4.1 allows for SQL injection via the "page_del" function. | ||||
| CVE-2020-28102 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
| cscms v4.1 allows for SQL injection via the "js_del" function. | ||||
| CVE-2020-28097 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2024-11-21 | 5.9 Medium |
| The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. | ||||
| CVE-2020-28096 | 1 Foscammall | 2 Foscam X1, Foscam X1 Firmware | 2024-11-21 | 6.8 Medium |
| FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. | ||||
| CVE-2020-28094 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 7.5 High |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. | ||||
| CVE-2020-28093 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 7.2 High |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. | ||||
| CVE-2020-28092 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.1 Medium |
| PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id= | ||||
| CVE-2020-28091 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 7.5 High |
| cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | ||||
| CVE-2020-28088 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | ||||
| CVE-2020-28087 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. | ||||
| CVE-2020-28086 | 1 Zx2c4 | 1 Password-store | 2024-11-21 | 7.5 High |
| pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution. | ||||
| CVE-2020-28074 | 1 Online Health Care System Project | 1 Online Health Care System | 2024-11-21 | 9.8 Critical |
| SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. | ||||
| CVE-2020-28073 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | 9.8 Critical |
| SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. | ||||
| CVE-2020-28072 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 7.2 High |
| A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE. | ||||
| CVE-2020-28071 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 4.8 Medium |
| SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called 'about' and reach a stored XSS. | ||||