Export limit exceeded: 364207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364207 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8135 1 Uppy 1 Uppy 2024-11-21 9.8 Critical
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.
CVE-2020-8134 1 Ghost 1 Ghost 2024-11-21 8.1 High
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.
CVE-2020-8133 1 Nextcloud 1 Nextcloud Server 2024-11-21 5.3 Medium
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
CVE-2020-8132 1 Pdf-image Project 1 Pdf-image 2024-11-21 9.8 Critical
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
CVE-2020-8131 2 Redhat, Yarnpkg 2 Quay, Yarn 2024-11-21 7.5 High
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
CVE-2020-8130 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 6.4 Medium
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
CVE-2020-8129 1 Script-manager Project 1 Script-manager 2024-11-21 9.8 Critical
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code.
CVE-2020-8128 1 Jsreport 1 Jsreport 2024-11-21 9.8 Critical
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
CVE-2020-8127 1 Revealjs 1 Reveal.js 2024-11-21 6.1 Medium
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
CVE-2020-8126 1 Ui 1 Edgeswitch 2024-11-21 7.8 High
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15).
CVE-2020-8125 1 Klona Project 1 Klona 2024-11-21 9.8 Critical
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
CVE-2020-8124 2 Redhat, Url-parse Project 2 Service Mesh, Url-parse 2024-11-21 5.3 Medium
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVE-2020-8123 1 Strapi 1 Strapi 2024-11-21 4.9 Medium
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
CVE-2020-8122 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.3 Medium
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
CVE-2020-8121 1 Nextcloud 1 Nextcloud Server 2024-11-21 8.1 High
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
CVE-2020-8120 1 Nextcloud 1 Nextcloud Server 2024-11-21 6.1 Medium
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
CVE-2020-8119 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.3 Medium
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
CVE-2020-8118 3 Nextcloud, Novell, Opensuse 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle 2024-11-21 5.0 Medium
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
CVE-2020-8117 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.3 Medium
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
CVE-2020-8116 2 Dot-prop Project, Redhat 4 Dot-prop, Enterprise Linux, Rhel Eus and 1 more 2024-11-21 7.3 High
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.