Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363262 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24208 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. | ||||
| CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 9.8 Critical |
| Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | ||||
| CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2024-11-21 | 9.8 Critical |
| File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | ||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2024-11-21 | 9.8 Critical |
| Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | ||||
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 6.1 Medium |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | ||||
| CVE-2020-24197 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 7.2 High |
| An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. | ||||
| CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 9.1 Critical |
| An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. | ||||
| CVE-2020-24194 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | ||||
| CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. | ||||
| CVE-2020-24188 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | ||||
| CVE-2020-24187 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.5 Medium |
| An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | ||||
| CVE-2020-24186 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 10 Critical |
| A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | ||||
| CVE-2020-24175 | 1 Yz1 | 1 Yz1 | 2024-11-21 | 7.8 High |
| Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling. | ||||
| CVE-2020-24165 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 8.8 High |
| An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. | ||||
| CVE-2020-24164 | 1 Taoensso | 1 Nippy | 2024-11-21 | 7.8 High |
| A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. | ||||
| CVE-2020-24162 | 1 Tencent | 1 Tencent | 2024-11-21 | 7.8 High |
| The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24161 | 1 163 | 1 Netease Mail Master | 2024-11-21 | 7.8 High |
| Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24160 | 1 Tencent | 1 Tim | 2024-11-21 | 7.8 High |
| Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-24159 | 1 163 | 1 Netease Youdao Dictionary | 2024-11-21 | 7.8 High |
| NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. | ||||