Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364840 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35935 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 7.5 High |
| The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) | ||||
| CVE-2020-35934 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 4.3 Medium |
| The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin). | ||||
| CVE-2020-35933 | 1 Thenewsletterplugin | 1 Newsletter | 2024-11-21 | 6.5 Medium |
| A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. | ||||
| CVE-2020-35932 | 1 Tribulant | 1 Newsletter | 2024-11-21 | 7.5 High |
| Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes. | ||||
| CVE-2020-35931 | 3 Apple, Foxitsoftware, Microsoft | 4 Macos, Foxit Reader, Phantompdf and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update. | ||||
| CVE-2020-35930 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 5.4 Medium |
| Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | ||||
| CVE-2020-35929 | 1 Kaspersky | 1 Tinycheck | 2024-11-21 | 9.8 Critical |
| In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data. | ||||
| CVE-2020-35928 | 1 Concread Project | 1 Concread | 2024-11-21 | 4.7 Medium |
| An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. | ||||
| CVE-2020-35927 | 1 Thex Project | 1 Thex | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. | ||||
| CVE-2020-35926 | 1 Nanorand Project | 1 Nanorand | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. | ||||
| CVE-2020-35925 | 1 Magnetic Project | 1 Magnetic | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | ||||
| CVE-2020-35924 | 1 Try-mutex Project | 1 Try-mutex | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type. | ||||
| CVE-2020-35923 | 1 Ordered-float Project | 1 Ordered-float | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. | ||||
| CVE-2020-35922 | 1 Mio Project | 1 Mio | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35921 | 1 Miow Project | 1 Miow | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35920 | 1 Rust-lang | 1 Socket2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35919 | 1 Net2 Project | 1 Net2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35918 | 1 Hakobaito | 1 Branca | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. | ||||
| CVE-2020-35917 | 1 Pyo3 Project | 1 Pyo3 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. | ||||
| CVE-2020-35916 | 1 Image-rs | 1 Image | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) | ||||