Export limit exceeded: 363819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36872 | 1 Bacnet Test | 1 Test Server | 2026-04-15 | N/A |
| BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service. | ||||
| CVE-2020-36873 | 1 Astak | 1 Cm-818t3 | 2026-04-15 | N/A |
| Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network. | ||||
| CVE-2020-36874 | 1 Ace Security | 1 Wip-90113 Hd Camera | 2026-04-15 | N/A |
| ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network. | ||||
| CVE-2020-36875 | 2 Accessally, Wordpress | 3 Accessally, Popupally, Wordpress | 2026-04-15 | N/A |
| AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web server process, resulting in remote code execution. | ||||
| CVE-2020-36877 | 1 Request | 1 Serious Play Pro | 2026-04-15 | N/A |
| ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server. | ||||
| CVE-2020-36878 | 1 Request | 1 Serious Play | 2026-04-15 | N/A |
| ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources. | ||||
| CVE-2020-36879 | 2 Flexense, Flexsense | 2 Diskboss, Diskboss | 2026-04-15 | N/A |
| Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands. | ||||
| CVE-2020-36884 | 1 Brightsign | 1 Digital Signage Diagnostic Web Server | 2026-04-15 | N/A |
| BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts. | ||||
| CVE-2020-36903 | 1 Microsoft | 1 Windows | 2026-04-15 | 8.4 High |
| Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot. | ||||
| CVE-2020-36904 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.5 High |
| Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands. | ||||
| CVE-2020-36905 | 1 Fibaro | 5 Home Center 2, Home Center 3, Home Center 5 and 2 more | 2026-04-15 | 7.5 High |
| FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content. | ||||
| CVE-2020-36906 | 1 P5 | 2 Fnip-4xsh, Fnip-8x16a | 2026-04-15 | 4.3 Medium |
| P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form. | ||||
| CVE-2020-36907 | 1 Extremenetworks | 1 Aerohive Hiveos | 2026-04-15 | 7.5 High |
| Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption. | ||||
| CVE-2020-36910 | 2026-04-15 | 8.8 High | ||
| Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root. | ||||
| CVE-2020-36912 | 2026-04-15 | 9.8 Critical | ||
| Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter. | ||||
| CVE-2020-36913 | 1 All-dynamics | 1 Digital Signage System | 2026-04-15 | 5.3 Medium |
| All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks. | ||||
| CVE-2020-36914 | 1 Qihang Media | 1 Web Digital Signage | 2026-04-15 | 7.5 High |
| QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner. | ||||
| CVE-2020-36915 | 2026-04-15 | 7.5 High | ||
| Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions. | ||||
| CVE-2020-36916 | 2026-04-15 | 8.8 High | ||
| TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access. | ||||
| CVE-2020-36917 | 2026-04-15 | 7.5 High | ||
| iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications. | ||||