Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-22844 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.5 High |
| A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | ||||
| CVE-2020-22842 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | ||||
| CVE-2020-22841 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 4.8 Medium |
| Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | ||||
| CVE-2020-22840 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | ||||
| CVE-2020-22839 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | ||||
| CVE-2020-22809 | 1 Windscribe | 1 Windscribe | 2024-11-21 | 7.8 High |
| In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation. | ||||
| CVE-2020-22808 | 1 Fecmall Project | 1 Fecmall | 2024-11-21 | 6.1 Medium |
| An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page. | ||||
| CVE-2020-22807 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 9.8 Critical |
| An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | ||||
| CVE-2020-22790 | 1 Safe | 1 Fme Server | 2024-11-21 | 5.4 Medium |
| Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs. | ||||
| CVE-2020-22789 | 1 Safe | 1 Fme Server | 2024-11-21 | 6.1 Medium |
| Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs. | ||||
| CVE-2020-22785 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check. | ||||
| CVE-2020-22784 | 1 Etherpad | 1 Ueberdb | 2024-11-21 | 7.5 High |
| In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | ||||
| CVE-2020-22783 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 6.5 Medium |
| Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. | ||||
| CVE-2020-22782 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance. | ||||
| CVE-2020-22781 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | ||||
| CVE-2020-22765 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. | ||||
| CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | ||||
| CVE-2020-22741 | 1 Baidu | 1 Xuperchain | 2024-11-21 | 7.5 High |
| An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. | ||||
| CVE-2020-22732 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.8 Medium |
| CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker.. | ||||
| CVE-2020-22724 | 1 Mercury | 4 Mer1200, Mer1200 Firmware, Mer1200g and 1 more | 2024-11-21 | 9.8 Critical |
| A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. | ||||