Export limit exceeded: 364021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364021 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28441 | 1 Conf-cfg-ini Project | 1 Conf-cfg-ini | 2024-11-21 | 7.3 High |
| This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28440 | 1 Corenlp-js-interface Project | 1 Corenlp-js-interface | 2024-11-21 | 9.8 Critical |
| All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function. | ||||
| CVE-2020-28439 | 1 Corenlp-js-prefab Project | 1 Corenlp-js-prefab | 2024-11-21 | 9.8 Critical |
| This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC: | ||||
| CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2024-11-21 | 9.8 Critical |
| This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js | ||||
| CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2024-11-21 | 9.4 Critical |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | ||||
| CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2024-11-21 | 7.3 High |
| This affects all versions of package google-cloudstorage-commands. | ||||
| CVE-2020-28435 | 1 Ffmpeg-sdk Project | 1 Ffmpeg-sdk | 2024-11-21 | 9.4 Critical |
| This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | ||||
| CVE-2020-28434 | 1 Gitblame Project | 1 Gitblame | 2024-11-21 | 9.4 Critical |
| This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. | ||||
| CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2024-11-21 | 7.3 High |
| This affects all versions of package node-latex-pdf. | ||||
| CVE-2020-28429 | 1 Geojson2kml Project | 1 Geojson2kml | 2024-11-21 | 7.3 High |
| All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){}) | ||||
| CVE-2020-28426 | 1 Kill-process-on-port Project | 1 Kill-process-on-port | 2024-11-21 | 7.3 High |
| All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId. | ||||
| CVE-2020-28425 | 1 Curljs Project | 1 Curljs | 2024-11-21 | 7.3 High |
| This affects all versions of package curljs. | ||||
| CVE-2020-28424 | 1 S3-kilatstorage Project | 1 S3-kilatstorage | 2024-11-21 | 7.2 High |
| This affects all versions of package s3-kilatstorage. | ||||
| CVE-2020-28423 | 1 Monorepo-build Project | 1 Monorepo-build | 2024-11-21 | 9.8 Critical |
| This affects all versions of package monorepo-build. | ||||
| CVE-2020-28422 | 1 Git-archive Project | 1 Git-archive | 2024-11-21 | 6.4 Medium |
| All versions of package git-archive are vulnerable to Command Injection via the exports function. | ||||
| CVE-2020-28421 | 2 Broadcom, Microsoft | 2 Unified Infrastructure Management, Windows | 2024-11-21 | 7.8 High |
| CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. | ||||
| CVE-2020-28419 | 1 Hp | 1503 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy15a, Laserjet Managed Mfp E62665 3gy16a and 1500 more | 2024-11-21 | 8.8 High |
| During installation with certain driver software or application packages an arbitrary code execution could occur. | ||||
| CVE-2020-28416 | 1 Hp | 310 Officejet 250 Cz992a, Officejet 250 Cz992a Firmware, Officejet 250c L9d57a and 307 more | 2024-11-21 | 7.8 High |
| HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. | ||||
| CVE-2020-28415 | 1 Tranzware Payment Gateway Project | 1 Tranzware Payment Gateway | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414). | ||||
| CVE-2020-28414 | 1 Tranzware Payment Gateway Project | 1 Tranzware Payment Gateway | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28415). | ||||