Export limit exceeded: 364158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28884 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 7.2 High |
| Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw. | ||||
| CVE-2020-28877 | 1 Tp-link | 30 Wdr7400, Wdr7400 Firmware, Wdr7500 and 27 more | 2024-11-21 | 9.8 Critical |
| Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | ||||
| CVE-2020-28874 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 7.5 High |
| reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). | ||||
| CVE-2020-28873 | 1 Fluxbb | 1 Fluxbb | 2024-11-21 | 7.5 High |
| Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server. | ||||
| CVE-2020-28872 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 9.8 Critical |
| An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | ||||
| CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 9.8 Critical |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | ||||
| CVE-2020-28870 | 1 Inoideas | 1 Inoerp | 2024-11-21 | 9.8 Critical |
| In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | ||||
| CVE-2020-28865 | 1 Powerjob | 1 Powerjob | 2024-11-21 | 7.5 High |
| An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | ||||
| CVE-2020-28864 | 1 Winscp | 1 Winscp | 2024-11-21 | 9.8 Critical |
| Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. | ||||
| CVE-2020-28861 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 5.3 Medium |
| OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application. | ||||
| CVE-2020-28860 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 8.8 High |
| OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. | ||||
| CVE-2020-28859 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 6.1 Medium |
| OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks. | ||||
| CVE-2020-28858 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 8.8 High |
| OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions. | ||||
| CVE-2020-28857 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 6.1 Medium |
| OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks. | ||||
| CVE-2020-28856 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 7.5 High |
| OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls. | ||||
| CVE-2020-28852 | 2 Golang, Redhat | 5 Text, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28851 | 2 Golang, Redhat | 5 Go, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28849 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. | ||||
| CVE-2020-28848 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 8.8 High |
| CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | ||||
| CVE-2020-28847 | 1 Valine.js | 1 Valine | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. | ||||