Search Results (363161 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24149 | 1 Secondline | 1 Podcast Importer Secondline | 2024-11-21 | 7.5 High |
| Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | ||||
| CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-11-21 | 9.1 Critical |
| Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | ||||
| CVE-2020-24147 | 1 Xylusthemes | 1 Wp Smart Import | 2024-11-21 | 9.1 Critical |
| Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | ||||
| CVE-2020-24146 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 8.1 High |
| Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. | ||||
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | ||||
| CVE-2020-24144 | 1 Media File Organizer Project | 1 Media File Organizer | 2024-11-21 | 8.6 High |
| Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. | ||||
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 7.5 High |
| Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. | ||||
| CVE-2020-24142 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 9.8 Critical |
| Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports and local network hosts, and execute commands on services. | ||||
| CVE-2020-24141 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-11-21 | 5.3 Medium |
| Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports and local network hosts, and execute commands on services. | ||||
| CVE-2020-24140 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.3 High |
| Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports and local network hosts, and execute commands on local services. | ||||
| CVE-2020-24139 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.3 High |
| Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports and local network hosts, and execute commands on local services. | ||||
| CVE-2020-24138 | 1 Wcms | 1 Wcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. | ||||
| CVE-2020-24137 | 1 Wcms | 1 Wcms | 2024-11-21 | 5.3 Medium |
| Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. | ||||
| CVE-2020-24136 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.6 High |
| Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. | ||||
| CVE-2020-24135 | 1 Wcms | 1 Wcms | 2024-11-21 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. | ||||
| CVE-2020-24133 | 1 Radare | 1 Radare2-extras | 2024-11-21 | 9.8 Critical |
| A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DoS) attacks. | ||||
| CVE-2020-24130 | 1 Ponzu-cms | 1 Ponzu | 2024-11-21 | 8.1 High |
| A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | ||||
| CVE-2020-24115 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 9.8 Critical |
| In projectworlds Online Book Store 1.0, use of hard-coded credentials in source code leads to admin panel access. | ||||
| CVE-2020-24113 | 1 Yealink | 2 W60b, W60b Firmware | 2024-11-21 | 9.1 Critical |
| Directory traversal vulnerability in the Contacts File Upload Interface in Yealink W60B version 77.83.0.85 allows attackers to gain sensitive information and cause a denial of service (DoS). | ||||
| CVE-2020-24104 | 1 Pix-link | 2 Lv-wr07, Lv-wr07 Firmware | 2024-11-21 | 6.1 Medium |
| XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter. | ||||