Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2024-11-21 | 7.5 High |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | ||||
| CVE-2020-23037 | 1 Portable | 1 Playable | 2024-11-21 | 9.8 Critical |
| Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2020-23036 | 1 Medianavi | 1 Smacom | 2024-11-21 | 5.9 Medium |
| MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack. | ||||
| CVE-2020-23026 | 1 Dhrystone Project | 1 Dhrystone | 2024-11-21 | 7.5 High |
| A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). | ||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | ||||
| CVE-2020-23014 | 1 Apfell Project | 1 Apfell | 2024-11-21 | 5.4 Medium |
| APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel. | ||||
| CVE-2020-22987 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. | ||||
| CVE-2020-22986 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. | ||||
| CVE-2020-22985 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. | ||||
| CVE-2020-22984 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task. | ||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 8.1 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | ||||
| CVE-2020-22937 | 1 Phome | 1 Empirecms | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | ||||
| CVE-2020-22916 | 1 Tukaani | 1 Xz | 2024-11-21 | 5.5 Medium |
| An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase. | ||||
| CVE-2020-22907 | 1 Jsish | 1 Jsish | 2024-11-21 | 7.5 High |
| Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter. | ||||
| CVE-2020-22886 | 1 Artifex | 1 Mujs | 2024-11-21 | 7.5 High |
| Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | ||||
| CVE-2020-22885 | 1 Artifex | 1 Mujs | 2024-11-21 | 7.5 High |
| Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. | ||||
| CVE-2020-22884 | 1 Espruino | 1 Espruino | 2024-11-21 | 9.8 Critical |
| Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-22882 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61. | ||||
| CVE-2020-22876 | 1 Quickjs Project | 1 Quickjs | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release. | ||||
| CVE-2020-22875 | 1 Jsish | 1 Jsish | 2024-11-21 | 9.8 Critical |
| Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. | ||||