Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-22352 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2020-22345 1 Centreon 1 Centreon 2024-11-21 8.8 High
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
CVE-2020-22336 1 Pdfcrack Project 1 Pdfcrack 2024-11-21 9.8 Critical
An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.
CVE-2020-22330 1 Intelliants 1 Subrion 2024-11-21 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
CVE-2020-22312 1 Hznuoj Project 1 Hznuoj 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.
CVE-2020-22284 1 Lwip Project 1 Lwip 2024-11-21 7.5 High
A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.
CVE-2020-22283 1 Lwip Project 1 Lwip 2024-11-21 7.5 High
A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.
CVE-2020-22278 1 Phpmyadmin 1 Phpmyadmin 2024-11-21 8.8 High
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.
CVE-2020-22277 1 Codection 1 Import And Export Users And Customers 2024-11-21 8.0 High
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
CVE-2020-22276 1 Weformspro 1 Weforms 2024-11-21 9.8 Critical
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.
CVE-2020-22275 1 Easyregistrationforms 1 Easy Registration Forms 2024-11-21 8.8 High
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.
CVE-2020-22274 1 Jomsocial 1 Jomsocial 2024-11-21 9.8 Critical
JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.
CVE-2020-22273 1 Creativeitem 1 Neoflex Video Subscription System 2024-11-21 6.5 Medium
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)
CVE-2020-22253 1 Xiongmaitech 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more 2024-11-21 9.8 Critical
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
CVE-2020-22251 1 Phplist 1 Phplist 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.
CVE-2020-22249 1 Phplist 1 Phplist 2024-11-21 9.8 Critical
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
CVE-2020-22226 1 Phpjabbers 1 Fundraising Script 2024-11-21 9.8 Critical
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.
CVE-2020-22225 1 Phpjabbers 1 Fundraising Script 2024-11-21 9.8 Critical
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
CVE-2020-22224 1 Phpjabbers 1 Fundraising Script 2024-11-21 6.1 Medium
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.
CVE-2020-22223 1 Phpjabbers 1 Fundraising Script 2024-11-21 9.8 Critical
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.