Export limit exceeded: 364647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364647 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28281 | 1 Set-object-value Project | 1 Set-object-value | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28280 | 1 Predefine Project | 1 Predefine | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28279 | 1 Flattenizer Project | 1 Flattenizer | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28278 | 1 Shvl Project | 1 Shvl | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28277 | 1 Dset Project | 1 Dset | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28276 | 1 Deep-set Project | 1 Deep-set | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28274 | 1 Deepref Project | 1 Deepref | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28273 | 1 Set-in Project | 1 Set-in | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28272 | 1 Keyget Project | 1 Keyget | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28270 | 1 Mjpclab | 1 Object-hierarchy-access | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28269 | 1 Exodus | 1 Field | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28268 | 1 Controlled-merge Project | 1 Controlled-merge | 2024-11-21 | 7.5 High |
| Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28267 | 1 Set Project | 1 Set | 2024-11-21 | 7.5 High |
| Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28251 | 1 Netscout | 7 Airmagnet Enterprise, Sensor4-r1s1w1-e, Sensor4-r2s1-e and 4 more | 2024-11-21 | 8.1 High |
| NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise. | ||||
| CVE-2020-28250 | 1 Cellinx | 1 Nvt Web Server | 2024-11-21 | 9.8 Critical |
| Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. | ||||
| CVE-2020-28249 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 6.1 Medium |
| Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. | ||||
| CVE-2020-28248 | 1 Png-img Project | 1 Png-img | 2024-11-21 | 8.8 High |
| An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. | ||||
| CVE-2020-28247 | 1 Lettre | 1 Lettre | 2024-11-21 | 5.3 Medium |
| The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. | ||||
| CVE-2020-28246 | 1 Form | 1 Form.io | 2024-11-21 | 9.8 Critical |
| A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins. | ||||
| CVE-2020-28243 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 7.8 High |
| An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | ||||