Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23554 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20. | ||||
| CVE-2020-23553 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33. | ||||
| CVE-2020-23552 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62. | ||||
| CVE-2020-23551 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30. | ||||
| CVE-2020-23550 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82. | ||||
| CVE-2020-23549 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6". | ||||
| CVE-2020-23546 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981. | ||||
| CVE-2020-23545 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. | ||||
| CVE-2020-23539 | 1 Realtek | 2 Rtl8723de, Rtl8723de Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. | ||||
| CVE-2020-23534 | 1 Masterlab | 1 Masterlab | 2024-11-21 | 9.8 Critical |
| A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. | ||||
| CVE-2020-23533 | 1 Unionpayintl | 1 Union Pay | 2024-11-21 | 7.5 High |
| Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | ||||
| CVE-2020-23522 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 6.8 Medium |
| Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | ||||
| CVE-2020-23520 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.2 High |
| imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | ||||
| CVE-2020-23518 | 1 Ultimatekode | 1 Neo Billing | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2020-23517 | 1 Aryanic | 1 High Cms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. | ||||
| CVE-2020-23512 | 1 Vr Cam | 2 P1, P1 Firmware | 2024-11-21 | 9.8 Critical |
| VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. | ||||
| CVE-2020-23490 | 1 Wwbn | 1 Avideo | 2024-11-21 | 7.5 High |
| There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file. | ||||
| CVE-2020-23489 | 1 Wwbn | 1 Avideo | 2024-11-21 | 8.8 High |
| The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. | ||||
| CVE-2020-23481 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | ||||
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2024-11-21 | 7.5 High |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | ||||