Search Results (363303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-22167 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data. | ||||
| CVE-2020-22166 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | ||||
| CVE-2020-22165 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | ||||
| CVE-2020-22164 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | ||||
| CVE-2020-22159 | 1 Evertz | 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more | 2024-11-21 | 8.8 High |
| EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files. | ||||
| CVE-2020-22158 | 1 Mediakind | 2 Rx8200, Rx8200 Firmware | 2024-11-21 | 6.1 Medium |
| MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code. | ||||
| CVE-2020-22150 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-22148 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-22124 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 7.5 High |
| A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. | ||||
| CVE-2020-22122 | 1 Find A Place Ljcms Project | 1 Find A Place Ljcms | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request. | ||||
| CVE-2020-22120 | 1 Txjia | 1 Imcat | 2024-11-21 | 8.8 High |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | ||||
| CVE-2020-22083 | 1 Jsonpickle Project | 1 Jsonpickle | 2024-11-21 | 9.8 Critical |
| jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data | ||||
| CVE-2020-22079 | 1 Tendacn | 4 Ac10u, Ac10u Firmware, Ac9 and 1 more | 2024-11-21 | 9.8 Critical |
| Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. | ||||
| CVE-2020-22061 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | 7.8 High |
| SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140. | ||||
| CVE-2020-22057 | 1 Evga | 1 Precision Xoc | 2024-11-21 | 9.1 Critical |
| The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. | ||||
| CVE-2020-22056 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | ||||
| CVE-2020-22054 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. | ||||
| CVE-2020-22051 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. | ||||
| CVE-2020-22049 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. | ||||
| CVE-2020-22048 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 6.5 Medium |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. | ||||