Search Results (363337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24985 | 1 Quadbase | 1 Espressdashboard | 2024-11-21 | 8.1 High |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. | ||||
| CVE-2020-24984 | 1 Quadbase | 1 Espressreports Es | 2024-11-21 | 8.8 High |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server. | ||||
| CVE-2020-24983 | 1 Quadbase | 1 Espressreports Es | 2024-11-21 | 8.8 High |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF. | ||||
| CVE-2020-24982 | 1 Quadbase | 1 Espressdashboard | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Quadbase EspressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account. | ||||
| CVE-2020-24981 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 5.3 Medium |
| An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. | ||||
| CVE-2020-24978 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 9.8 Critical |
| In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline in asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | ||||
| CVE-2020-24977 | 7 Debian, Fedoraproject, Netapp and 4 more | 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more | 2024-11-21 | 6.5 Medium |
| GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | ||||
| CVE-2020-24972 | 3 Fedoraproject, Kleopatra Project, Opensuse | 4 Fedora, Kleopatra, Backports Sle and 1 more | 2024-11-21 | 8.8 High |
| The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. | ||||
| CVE-2020-24963 | 1 Appsbd | 1 Best Support System | 2024-11-21 | 5.4 Medium |
| An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. | ||||
| CVE-2020-24955 | 1 Superantispyware | 1 Professional X | 2024-11-21 | 7.8 High |
| SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware. | ||||
| CVE-2020-24950 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9 allows remote attackers to execute arbitrary code via the col parameter to function list_items. | ||||
| CVE-2020-24949 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 8.8 High |
| Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | ||||
| CVE-2020-24948 | 1 Autoptimize | 1 Autoptimize | 2024-11-21 | 7.2 High |
| The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. | ||||
| CVE-2020-24944 | 1 Privateoctopus | 1 Picoquic | 2024-11-21 | 7.5 High |
| picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3. | ||||
| CVE-2020-24941 | 1 Laravel | 1 Laravel | 2024-11-21 | 7.5 High |
| An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. | ||||
| CVE-2020-24940 | 1 Laravel | 1 Laravel | 2024-11-21 | 7.5 High |
| An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. | ||||
| CVE-2020-24939 | 1 Stampit | 1 Supermixer | 2024-11-21 | 7.5 High |
| Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. | ||||
| CVE-2020-24930 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 8.1 High |
| Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The Wuzhi CMS backend in***.php file has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files. | ||||
| CVE-2020-24928 | 1 Premid | 1 Premid | 2024-11-21 | 5.3 Medium |
| managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. | ||||
| CVE-2020-24925 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 7.5 High |
| A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code at jobs/sort, where the entire source code path is displayed in the browser itself, helping the attacker identify the code structure: /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | ||||