Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28857 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 6.1 Medium |
| OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks. | ||||
| CVE-2020-28856 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 7.5 High |
| OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls. | ||||
| CVE-2020-28852 | 2 Golang, Redhat | 5 Text, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28851 | 2 Golang, Redhat | 5 Go, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28849 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. | ||||
| CVE-2020-28848 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 8.8 High |
| CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | ||||
| CVE-2020-28847 | 1 Valine.js | 1 Valine | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. | ||||
| CVE-2020-28846 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.5 Medium |
| Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. | ||||
| CVE-2020-28845 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.8 High |
| A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system. | ||||
| CVE-2020-28841 | 1 Drivergenius | 1 Drivergenius Firmware | 2024-11-21 | 5.5 Medium |
| MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1. | ||||
| CVE-2020-28840 | 1 Matthiaswandel | 1 Jhead | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). | ||||
| CVE-2020-28838 | 1 Opencart | 1 Opencart | 2024-11-21 | 3.5 Low |
| Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart. | ||||
| CVE-2020-28759 | 1 Tengine Project | 1 Tengine | 2024-11-21 | 5.5 Medium |
| The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far. | ||||
| CVE-2020-28736 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | ||||
| CVE-2020-28735 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | ||||
| CVE-2020-28734 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | ||||
| CVE-2020-28727 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php. | ||||
| CVE-2020-28726 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php. | ||||
| CVE-2020-28724 | 1 Palletsprojects | 1 Werkzeug | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | ||||
| CVE-2020-28723 | 1 Cloudavid | 1 Pparam | 2024-11-21 | 7.5 High |
| Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. | ||||