Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23127 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 8.8 High |
| Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | ||||
| CVE-2020-23126 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.1 Medium |
| Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends. | ||||
| CVE-2020-23109 | 1 Struktur | 1 Libheif | 2024-11-21 | 8.1 High |
| Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file. | ||||
| CVE-2020-23083 | 1 Guojusoft | 1 Jeecg | 2024-11-21 | 9.8 Critical |
| Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". | ||||
| CVE-2020-23079 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 High |
| SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | ||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 6.5 Medium |
| Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | ||||
| CVE-2020-23061 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 7.5 High |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | ||||
| CVE-2020-23060 | 1 Tonec | 1 Internet Download Manager | 2024-11-21 | 7.1 High |
| Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. | ||||
| CVE-2020-23058 | 1 File Explorer Project | 1 File Explorer | 2024-11-21 | 4.6 Medium |
| An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data. | ||||
| CVE-2020-23055 | 1 Lancom-systems | 3 Lcos, Wlc-1000, Wlc-4006 | 2024-11-21 | 5.4 Medium |
| ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters. | ||||
| CVE-2020-23054 | 1 User-agent Switcher And Manager Project | 1 User-agent Switcher And Manager | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field. | ||||
| CVE-2020-23052 | 1 Catalyst | 1 Mahara | 2024-11-21 | 5.4 Medium |
| Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters. | ||||
| CVE-2020-23051 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | 6.1 Medium |
| Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. | ||||
| CVE-2020-23050 | 1 Taotesting | 1 Tao Assessment Platform | 2024-11-21 | 8.0 High |
| TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. | ||||
| CVE-2020-23049 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 5.4 Medium |
| Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-23048 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. | ||||
| CVE-2020-23047 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 6.1 Medium |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. | ||||
| CVE-2020-23046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. | ||||
| CVE-2020-23045 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 7.2 High |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. | ||||
| CVE-2020-23044 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||