Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35437 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. | ||||
| CVE-2020-35430 | 1 Inxedu | 1 Inxedu | 2024-11-21 | 9.8 Critical |
| SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | ||||
| CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | ||||
| CVE-2020-35419 | 1 Group-office | 1 Group Office | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. | ||||
| CVE-2020-35418 | 1 Group-office | 1 Group Office | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | ||||
| CVE-2020-35416 | 1 Onlineonly | 1 Phpjabbers Appointment Scheduler | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2020-35398 | 1 Utimf | 1 Uti Mutual Fund Invest Online | 2024-11-21 | 5.3 Medium |
| An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted. | ||||
| CVE-2020-35396 | 1 Egavilanmedia | 1 Barcodes Generator | 2024-11-21 | 6.1 Medium |
| EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website. | ||||
| CVE-2020-35395 | 1 Egavilanmedia | 1 Expense Management System | 2024-11-21 | 6.1 Medium |
| XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field | ||||
| CVE-2020-35391 | 1 Tenda | 2 F3, F3 Firmware | 2024-11-21 | 9.6 Critical |
| Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior. | ||||
| CVE-2020-35388 | 1 Rockoa | 1 Xinhu | 2024-11-21 | 7.5 High |
| rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. | ||||
| CVE-2020-35382 | 1 Classroombookings | 1 Classroombookings | 2024-11-21 | 7.2 High |
| SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | ||||
| CVE-2020-35381 | 3 Fedoraproject, Jsonparser Project, Redhat | 3 Fedora, Jsonparser, Acm | 2024-11-21 | 7.5 High |
| jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. | ||||
| CVE-2020-35380 | 1 Gjson Project | 1 Gjson | 2024-11-21 | 7.5 High |
| GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. | ||||
| CVE-2020-35378 | 1 Online Bus Ticket Reservation Project | 1 Online Bus Ticket Reservation | 2024-11-21 | 9.8 Critical |
| SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. | ||||
| CVE-2020-35376 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-11-21 | 7.5 High |
| Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. | ||||
| CVE-2020-35373 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 6.1 Medium |
| In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | ||||
| CVE-2020-35370 | 1 Raysync | 1 Raysync | 2024-11-21 | 8.8 High |
| A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. | ||||
| CVE-2020-35364 | 1 Huorong | 1 Internet Security | 2024-11-21 | 9.8 Critical |
| Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. | ||||
| CVE-2020-35362 | 1 Dext5 | 1 Dext5upload | 2024-11-21 | 7.5 High |
| DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | ||||