Export limit exceeded: 366888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366888 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7646 | 1 Curlrequest Project | 1 Curlrequest | 2024-11-21 | 9.8 Critical |
| curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | ||||
| CVE-2020-7645 | 1 Google | 1 Chrome-launcher | 2024-11-21 | 9.8 Critical |
| All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. | ||||
| CVE-2020-7644 | 1 Fun-map Project | 1 Fun-map | 2024-11-21 | 8.1 High |
| fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7643 | 1 Idea | 1 Paypal-adaptive | 2024-11-21 | 5.3 Medium |
| paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7642 | 1 Lazysizes Project | 1 Lazysizes | 2024-11-21 | 5.4 Medium |
| lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript. | ||||
| CVE-2020-7641 | 1 Grunt-util-property Project | 1 Grunt-util-property | 2024-11-21 | 4 Medium |
| This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2024-11-21 | 9.8 Critical |
| pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | ||||
| CVE-2020-7639 | 1 Dot Project | 1 Dot | 2024-11-21 | 5.3 Medium |
| eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2024-11-21 | 5.3 Medium |
| confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7637 | 1 Class-transformer Project | 1 Class-transformer | 2024-11-21 | 5.3 Medium |
| class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7636 | 1 Adb-driver Project | 1 Adb-driver | 2024-11-21 | 9.8 Critical |
| adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. | ||||
| CVE-2020-7635 | 1 Compass-compile Project | 1 Compass-compile | 2024-11-21 | 9.8 Critical |
| compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. | ||||
| CVE-2020-7634 | 1 Heroku-addonpool Project | 1 Heroku-addonpool | 2024-11-21 | 9.8 Critical |
| heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | ||||
| CVE-2020-7633 | 1 Apiconnect-cli-plugins Project | 1 Apiconnect-cli-plugins | 2024-11-21 | 9.8 Critical |
| apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. | ||||
| CVE-2020-7632 | 1 Node-mpv Project | 1 Node-mpv | 2024-11-21 | 9.8 Critical |
| node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | ||||
| CVE-2020-7631 | 1 Diskusage-ng Project | 1 Diskusage-ng | 2024-11-21 | 9.8 Critical |
| diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. | ||||
| CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2024-11-21 | 9.8 Critical |
| git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | ||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2024-11-21 | 9.8 Critical |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | ||||
| CVE-2020-7628 | 2 Install-package Project, Umount Project | 2 Install-package, Umount | 2024-11-21 | 9.8 Critical |
| umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. | ||||
| CVE-2020-7627 | 1 Node-key-sender Project | 1 Node-key-sender | 2024-11-21 | 9.8 Critical |
| node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | ||||