Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29299 | 1 Zyxel | 7 Atp, Nsg, Nsg Firmware and 4 more | 2024-11-21 | 7.2 High |
| Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | ||||
| CVE-2020-29292 | 1 Iball | 2 Wrd12en, Wrd12en Firmware | 2024-11-21 | 6.5 Medium |
| iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. | ||||
| CVE-2020-29287 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 9.8 Critical |
| An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. | ||||
| CVE-2020-29285 | 1 Point Of Sales In Php\/pdo Project | 1 Point Of Sales In Php\/pdo | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. | ||||
| CVE-2020-29284 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2024-11-21 | 9.8 Critical |
| The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. | ||||
| CVE-2020-29283 | 1 Online Doctor Appointment Booking System Php And Mysql Project | 1 Online Doctor Appointment Booking System Php And Mysql | 2024-11-21 | 9.8 Critical |
| An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. | ||||
| CVE-2020-29282 | 1 Bloodx Project | 1 Bloodx | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. | ||||
| CVE-2020-29280 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 9.8 Critical |
| The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. | ||||
| CVE-2020-29279 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. | ||||
| CVE-2020-29260 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2024-11-21 | 7.5 High |
| libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | ||||
| CVE-2020-29259 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. | ||||
| CVE-2020-29258 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php. | ||||
| CVE-2020-29257 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php. | ||||
| CVE-2020-29254 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 8.8 High |
| TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited. | ||||
| CVE-2020-29250 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.1 Medium |
| CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | ||||
| CVE-2020-29249 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.1 Medium |
| CXUUCMS V3 allows class="layui-input" XSS. | ||||
| CVE-2020-29247 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 4.8 Medium |
| WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload. | ||||
| CVE-2020-29245 | 1 Tag Project | 1 Tag | 2024-11-21 | 6.5 Medium |
| dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData. | ||||
| CVE-2020-29244 | 1 Tag Project | 1 Tag | 2024-11-21 | 6.5 Medium |
| dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame. | ||||
| CVE-2020-29243 | 1 Tag Project | 1 Tag | 2024-11-21 | 6.5 Medium |
| dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame. | ||||