Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24032 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2024-11-21 | 9.8 Critical |
| tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone. | ||||
| CVE-2020-24027 | 1 Live555 | 1 Liblivemedia | 2024-11-21 | 9.8 Critical |
| In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time. | ||||
| CVE-2020-24026 | 1 Tinyshop Project | 1 Tinyshop | 2024-11-21 | 6.1 Medium |
| TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure. | ||||
| CVE-2020-24025 | 1 Sass-lang | 1 Node-sass | 2024-11-21 | 5.3 Medium |
| Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | ||||
| CVE-2020-24020 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-24008 | 1 Umanni | 1 Human Resources | 2024-11-21 | 5.3 Medium |
| Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2024-11-21 | 9.8 Critical |
| Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | ||||
| CVE-2020-24003 | 1 Microsoft | 1 Skype | 2024-11-21 | 3.3 Low |
| Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. | ||||
| CVE-2020-24000 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | ||||
| CVE-2020-23996 | 1 Ilias | 1 Ilias | 2024-11-21 | 8.8 High |
| A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | ||||
| CVE-2020-23995 | 1 Ilias | 1 Ilias | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | ||||
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | ||||
| CVE-2020-23989 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C allows pwsec.php oid XSS. | ||||
| CVE-2020-23986 | 1 Github Readme Stats Project | 1 Github Readme Stats | 2024-11-21 | 6.1 Medium |
| Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError. | ||||
| CVE-2020-23984 | 1 Online Hotel Booking System Pro Project | 1 Online Hotel Booking System Pro | 2024-11-21 | 5.4 Medium |
| Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. | ||||
| CVE-2020-23983 | 1 Ichat Project | 1 Ichat | 2024-11-21 | 5.4 Medium |
| Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. | ||||
| CVE-2020-23982 | 1 Designmasterevents | 1 Conference Management Cms | 2024-11-21 | 6.1 Medium |
| DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php' | ||||
| CVE-2020-23981 | 1 13enforme | 1 13enforme Cms | 2024-11-21 | 6.1 Medium |
| 13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter. | ||||
| CVE-2020-23980 | 1 Designmasterevents | 1 Conference Management | 2024-11-21 | 9.8 Critical |
| DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | ||||
| CVE-2020-23979 | 1 13enforme | 1 13enforme Cms | 2024-11-21 | 9.8 Critical |
| 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. | ||||