Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23826 | 1 Assaabloy | 2 Yale Wipc-303w, Yale Wipc-303w Firmware | 2024-11-21 | 8.8 High |
| The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176 | ||||
| CVE-2020-23824 | 1 Argosoft | 1 Mail Server | 2024-11-21 | 8.8 High |
| ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | ||||
| CVE-2020-23814 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | ||||
| CVE-2020-23811 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 7.5 High |
| xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | ||||
| CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 7.5 High |
| Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||
| CVE-2020-23793 | 1 Spice-space | 1 Spice-server | 2024-11-21 | 8.6 High |
| An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects. | ||||
| CVE-2020-23790 | 1 Uxper | 1 Golo | 2024-11-21 | 9.8 Critical |
| An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | ||||
| CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 7.5 High |
| A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request. | ||||
| CVE-2020-23774 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 6.1 Medium |
| A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. | ||||
| CVE-2020-23768 | 1 Phpyun | 1 Phpyun | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and telephone numbers. | ||||
| CVE-2020-23766 | 1 Htmly | 1 Htmly | 2024-11-21 | 6.5 Medium |
| An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges. | ||||
| CVE-2020-23765 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High |
| A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | ||||
| CVE-2020-23763 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 9.8 Critical |
| SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | ||||
| CVE-2020-23762 | 1 Larsens Calendar Project | 1 Larsens Calendar | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab. | ||||
| CVE-2020-23761 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. | ||||
| CVE-2020-23754 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature. | ||||
| CVE-2020-23741 | 1 Amoisoft | 1 Anyview | 2024-11-21 | 5.5 Medium |
| In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). | ||||
| CVE-2020-23740 | 1 Drivergenius | 1 Drivergenius | 2024-11-21 | 7.8 High |
| In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. | ||||
| CVE-2020-23738 | 1 Advancedsystemcare | 1 Advanced Systemcare | 2024-11-21 | 5.5 Medium |
| There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD) | ||||
| CVE-2020-23736 | 1 Dadajiasu | 1 Dada Accelerator | 2024-11-21 | 5.5 Medium |
| There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). | ||||