Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8789 | 1 Composr Project | 1 Composr | 2024-11-21 | 5.4 Medium |
| Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. | ||||
| CVE-2020-8788 | 1 Synaptivemedical | 1 Clearcanvas | 2024-11-21 | 6.1 Medium |
| Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. | ||||
| CVE-2020-8787 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 High |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. | ||||
| CVE-2020-8786 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | ||||
| CVE-2020-8785 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | ||||
| CVE-2020-8784 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | ||||
| CVE-2020-8783 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | ||||
| CVE-2020-8782 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2024-11-21 | 7.5 High |
| Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | ||||
| CVE-2020-8781 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2024-11-21 | 7.8 High |
| Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. | ||||
| CVE-2020-8778 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 5.4 Medium |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | ||||
| CVE-2020-8777 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 5.4 Medium |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | ||||
| CVE-2020-8776 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 5.4 Medium |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | ||||
| CVE-2020-8775 | 1 Pega | 1 Platform | 2024-11-21 | 8.9 High |
| Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | ||||
| CVE-2020-8774 | 1 Pega | 1 Pega Platform | 2024-11-21 | 8.8 High |
| Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | ||||
| CVE-2020-8773 | 1 Pega | 1 Platform | 2024-11-21 | 8.9 High |
| The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-8772 | 1 Revmakx | 1 Infinitewp Client | 2024-11-21 | 9.8 Critical |
| The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. | ||||
| CVE-2020-8771 | 1 Wptimecapsule | 1 Wp Time Capsule | 2024-11-21 | 9.8 Critical |
| The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. | ||||
| CVE-2020-8768 | 1 Phoenixcontact | 4 Ilc 2050 Bi, Ilc 2050 Bi-l, Ilc 2050 Bi-l Firmware and 1 more | 2024-11-21 | 9.4 Critical |
| An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. | ||||
| CVE-2020-8767 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 5.5 Medium |
| Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-8766 | 1 Intel | 1 Software Guard Extensions Data Center Attestation Primitives | 2024-11-21 | 6.5 Medium |
| Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||