Export limit exceeded: 364207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364207 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26050 | 1 Safervpn | 1 Safervpn | 2024-11-21 | 7.8 High |
| SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572. | ||||
| CVE-2020-26049 | 1 Niftypm | 1 Nifty-pm | 2024-11-21 | 6.1 Medium |
| Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. | ||||
| CVE-2020-26048 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 8.8 High |
| The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | ||||
| CVE-2020-26046 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. | ||||
| CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 9.8 Critical |
| FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | ||||
| CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | ||||
| CVE-2020-26042 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | ||||
| CVE-2020-26041 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | ||||
| CVE-2020-26035 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. | ||||
| CVE-2020-26034 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. | ||||
| CVE-2020-26033 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check. | ||||
| CVE-2020-26032 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems. | ||||
| CVE-2020-26031 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). | ||||
| CVE-2020-26030 | 1 Zammad | 1 Zammad | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users. | ||||
| CVE-2020-26029 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header. | ||||
| CVE-2020-26028 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets. | ||||
| CVE-2020-26008 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 7.8 High |
| The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 7.8 High |
| An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2020-26006 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. | ||||
| CVE-2020-25990 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 9.8 Critical |
| WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | ||||