Export limit exceeded: 363299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23839 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | ||||
| CVE-2020-23837 | 1 Multi User Project | 1 Multi User | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL. | ||||
| CVE-2020-23836 | 1 Oswapp | 1 Warehouse Inventory System | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site. | ||||
| CVE-2020-23835 | 1 Tailor Management System Project | 1 Tailor Management System | 2024-11-21 | 6.4 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing. | ||||
| CVE-2020-23834 | 1 Realtimelogic | 1 Barracudadrive | 2024-11-21 | 8.8 High |
| Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem. | ||||
| CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2024-11-21 | 9.8 Critical |
| Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | ||||
| CVE-2020-23832 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 6.1 Medium |
| A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login. | ||||
| CVE-2020-23831 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 6.4 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. | ||||
| CVE-2020-23830 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 7.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. | ||||
| CVE-2020-23829 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 8.8 High |
| interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | ||||
| CVE-2020-23828 | 1 Online Course Registration Project | 1 Online Course Registration | 2024-11-21 | 9.8 Critical |
| A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | ||||
| CVE-2020-23826 | 1 Assaabloy | 2 Yale Wipc-303w, Yale Wipc-303w Firmware | 2024-11-21 | 8.8 High |
| The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176 | ||||
| CVE-2020-23824 | 1 Argosoft | 1 Mail Server | 2024-11-21 | 8.8 High |
| ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | ||||
| CVE-2020-23814 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | ||||
| CVE-2020-23811 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 7.5 High |
| xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | ||||
| CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 7.5 High |
| Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||
| CVE-2020-23793 | 1 Spice-space | 1 Spice-server | 2024-11-21 | 8.6 High |
| An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects. | ||||
| CVE-2020-23790 | 1 Uxper | 1 Golo | 2024-11-21 | 9.8 Critical |
| An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | ||||
| CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 7.5 High |
| A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request. | ||||
| CVE-2020-23774 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 6.1 Medium |
| A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. | ||||