Export limit exceeded: 363619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2024-11-21 | 7.5 High |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | ||||
| CVE-2020-23469 | 1 Gmate Project | 1 Gmate | 2024-11-21 | 7.5 High |
| gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. | ||||
| CVE-2020-23466 | 1 Phpgurukul | 1 Online Marriage Registration System | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | ||||
| CVE-2020-23451 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 8.8 High |
| Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. | ||||
| CVE-2020-23450 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 5.4 Medium |
| Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization. | ||||
| CVE-2020-23449 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 High |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. | ||||
| CVE-2020-23448 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 9.8 Critical |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed. | ||||
| CVE-2020-23447 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 6.1 Medium |
| newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office". | ||||
| CVE-2020-23446 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | 5.3 Medium |
| Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API | ||||
| CVE-2020-23426 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | ||||
| CVE-2020-23376 | 1 5none | 1 Nonecms | 2024-11-21 | 6.1 Medium |
| NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. | ||||
| CVE-2020-23374 | 1 5none | 1 Nonecms | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2020-23373 | 1 5none | 1 Nonecms | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2020-23371 | 1 5none | 1 Nonecms | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter. | ||||
| CVE-2020-23370 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.4 Medium |
| In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML. | ||||
| CVE-2020-23369 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium |
| In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | ||||
| CVE-2020-23361 | 1 Phplist | 1 Phplist | 2024-11-21 | 9.8 Critical |
| phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 9.8 Critical |
| oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | ||||
| CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2024-11-21 | 9.8 Critical |
| WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | ||||
| CVE-2020-23356 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | 7.5 High |
| dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||