Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363502 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25463 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25462 | 1 Moddable | 1 Moddable | 2024-11-21 | 9.8 Critical |
| Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. | ||||
| CVE-2020-25461 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2024-11-21 | 7.5 High |
| An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling. | ||||
| CVE-2020-25454 | 1 Grocy Project | 1 Grocy | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. | ||||
| CVE-2020-25453 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | ||||
| CVE-2020-25449 | 1 Arachnys | 1 Cabot | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. | ||||
| CVE-2020-25445 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 7.8 High |
| The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed. | ||||
| CVE-2020-25444 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section. | ||||
| CVE-2020-25427 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. | ||||
| CVE-2020-25422 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 5.4 Medium |
| A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-25414 | 1 Monstra | 1 Monstra | 2024-11-21 | 9.8 Critical |
| A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | ||||
| CVE-2020-25411 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.5 Medium |
| Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. | ||||
| CVE-2020-25409 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 9.8 Critical |
| Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. | ||||
| CVE-2020-25408 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. | ||||
| CVE-2020-25406 | 1 Lemocms | 1 Lemocms | 2024-11-21 | 7.3 High |
| app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files. | ||||
| CVE-2020-25400 | 1 Taskcafe Project | 1 Taskcafe | 2024-11-21 | 7.5 High |
| Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token. | ||||
| CVE-2020-25399 | 1 Mind | 1 Imind Server | 2024-11-21 | 7.8 High |
| Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | ||||
| CVE-2020-25398 | 1 Mind | 1 Imind Server | 2024-11-21 | 8.8 High |
| CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. | ||||
| CVE-2020-25394 | 1 Mozilo | 1 Mozilocms | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. | ||||