Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5620 | 1 Exceedone | 1 Exment | 2024-11-21 | 5.4 Medium |
| Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. | ||||
| CVE-2020-5619 | 1 Exceedone | 1 Exment | 2024-11-21 | 5.4 Medium |
| Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. | ||||
| CVE-2020-5617 | 1 Skygroup | 1 Skysea Client View | 2024-11-21 | 7.8 High |
| Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. | ||||
| CVE-2020-5616 | 8 Calendar01 Project, Calendar02 Project, Calendarform01 Project and 5 more | 8 Calendar01, Calendar02, Calendarform01 and 5 more | 2024-11-21 | 9.8 Critical |
| [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors. | ||||
| CVE-2020-5615 | 2 Calendar01 Project, Calendar02 Project | 2 Calendar01, Calendar02 | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2020-5614 | 1 Kujirahand | 1 Konawiki | 2024-11-21 | 5.3 Medium |
| Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2020-5613 | 1 Kujirahand | 1 Konawiki | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. | ||||
| CVE-2020-5612 | 1 Kujirahand | 1 Konawiki | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. | ||||
| CVE-2020-5611 | 1 Wpsocialrocket | 1 Social Sharing | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2020-5610 | 1 Toyota | 1 Global Techstream | 2024-11-21 | 7.8 High |
| Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors. | ||||
| CVE-2020-5609 | 1 Yokogawa | 8 B\/m9000cs, B\/m9000cs Firmware, B\/m9000vp and 5 more | 2024-11-21 | 9.8 Critical |
| Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. | ||||
| CVE-2020-5608 | 1 Yokogawa | 8 B\/m9000cs, B\/m9000cs Firmware, B\/m9000vp and 5 more | 2024-11-21 | 9.8 Critical |
| CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. | ||||
| CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2020-5606 | 1 Buffalo | 2 Airstation Whr-g54s, Airstation Whr-g54s Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. | ||||
| CVE-2020-5605 | 1 Buffalo | 2 Airstation Whr-g54s, Airstation Whr-g54s Firmware | 2024-11-21 | 4.3 Medium |
| Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | ||||
| CVE-2020-5604 | 1 Mercari | 1 Mercari | 2024-11-21 | 8.1 High |
| Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView. | ||||
| CVE-2020-5603 | 1 Mitsubishielectric | 20 Cpu Module Logging Configuration Tool, Cw Configurator, Em Configurator and 17 more | 2024-11-21 | 7.5 High |
| Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors. | ||||
| CVE-2020-5602 | 1 Mitsubishielectric | 20 Cpu Module Logging Configuration Tool, Cw Configurator, Em Configurator and 17 more | 2024-11-21 | 7.5 High |
| Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2020-5601 | 1 Nta | 1 E-tax Reception System | 2024-11-21 | 8.8 High |
| Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors. | ||||
| CVE-2020-5600 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2024-11-21 | 7.5 High |
| TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | ||||