Export limit exceeded: 363701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363701 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24193 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. | ||||
| CVE-2020-24188 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | ||||
| CVE-2020-24187 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.5 Medium |
| An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | ||||
| CVE-2020-24186 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 10 Critical |
| A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | ||||
| CVE-2020-24175 | 1 Yz1 | 1 Yz1 | 2024-11-21 | 7.8 High |
| Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling. | ||||
| CVE-2020-24165 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 8.8 High |
| An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. | ||||
| CVE-2020-24164 | 1 Taoensso | 1 Nippy | 2024-11-21 | 7.8 High |
| A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. | ||||
| CVE-2020-24162 | 1 Tencent | 1 Tencent | 2024-11-21 | 7.8 High |
| The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24161 | 1 163 | 1 Netease Mail Master | 2024-11-21 | 7.8 High |
| Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24160 | 1 Tencent | 1 Tim | 2024-11-21 | 7.8 High |
| Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-24159 | 1 163 | 1 Netease Youdao Dictionary | 2024-11-21 | 7.8 High |
| NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. | ||||
| CVE-2020-24158 | 1 360 | 1 Speed Browser | 2024-11-21 | 7.8 High |
| 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. | ||||
| CVE-2020-24149 | 1 Secondline | 1 Podcast Importer Secondline | 2024-11-21 | 7.5 High |
| Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | ||||
| CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-11-21 | 9.1 Critical |
| Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | ||||
| CVE-2020-24147 | 1 Xylusthemes | 1 Wp Smart Import | 2024-11-21 | 9.1 Critical |
| Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | ||||
| CVE-2020-24146 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 8.1 High |
| Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. | ||||
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | ||||
| CVE-2020-24144 | 1 Media File Organizer Project | 1 Media File Organizer | 2024-11-21 | 8.6 High |
| Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. | ||||
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 7.5 High |
| Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. | ||||
| CVE-2020-24142 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 9.8 Critical |
| Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services | ||||