Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364818 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | ||||
| CVE-2020-35339 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | ||||
| CVE-2020-35338 | 1 Mobileviewpoint | 1 Wireless Multiplex Terminal Playout Server | 2024-11-21 | 9.8 Critical |
| The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon." | ||||
| CVE-2020-35337 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 9.8 Critical |
| ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2020-35329 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 6.5 Medium |
| Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. | ||||
| CVE-2020-35328 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 5.4 Medium |
| Courier Management System 1.0 - 'First Name' Stored XSS | ||||
| CVE-2020-35327 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php | ||||
| CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | ||||
| CVE-2020-35313 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 9.8 Critical |
| A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | ||||
| CVE-2020-35309 | 1 Bakeshop Online Ordering System Project | 1 Bakeshop Online Ordering System | 2024-11-21 | 4.8 Medium |
| Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories". | ||||
| CVE-2020-35308 | 1 Conquest Dicom Server Project | 1 Conquest Dicom Server | 2024-11-21 | 9.8 Critical |
| CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-35305 | 1 Gollum Project | 1 Gollum | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | ||||
| CVE-2020-35296 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 7.5 High |
| ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | ||||
| CVE-2020-35284 | 1 Flamingoim Project | 1 Flamingoim | 2024-11-21 | 7.5 High |
| Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. | ||||
| CVE-2020-35276 | 1 Egavilanmedia | 1 Ecm Address Book | 2024-11-21 | 9.8 Critical |
| EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. | ||||
| CVE-2020-35275 | 1 Coastercms | 1 Coastercms | 2024-11-21 | 5.4 Medium |
| Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application. | ||||
| CVE-2020-35274 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS. | ||||
| CVE-2020-35273 | 1 Egavilanmedia | 1 User Registration \& Login System With Admin Panel | 2024-11-21 | 8.0 High |
| EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account. | ||||
| CVE-2020-35272 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 4.8 Medium |
| Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields. | ||||
| CVE-2020-35271 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 4.8 Medium |
| Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields. | ||||