Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363673 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-22428 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 4.8 Medium |
| SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. | ||||
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time | ||||
| CVE-2020-22425 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | ||||
| CVE-2020-22421 | 1 74cms | 1 74cms | 2024-11-21 | 6.1 Medium |
| 74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key. | ||||
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | ||||
| CVE-2020-22394 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium |
| In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-22392 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file. | ||||
| CVE-2020-22390 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 8.8 High |
| Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened. | ||||
| CVE-2020-22352 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||||
| CVE-2020-22345 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| /graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter. | ||||
| CVE-2020-22336 | 1 Pdfcrack Project | 1 Pdfcrack | 2024-11-21 | 9.8 Critical |
| An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function. | ||||
| CVE-2020-22330 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. | ||||
| CVE-2020-22312 | 1 Hznuoj Project | 1 Hznuoj | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0. | ||||
| CVE-2020-22284 | 1 Lwip Project | 1 Lwip | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet. | ||||
| CVE-2020-22283 | 1 Lwip Project | 1 Lwip | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet. | ||||
| CVE-2020-22278 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 8.8 High |
| phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents. | ||||
| CVE-2020-22277 | 1 Codection | 1 Import And Export Users And Customers | 2024-11-21 | 8.0 High |
| Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. | ||||
| CVE-2020-22276 | 1 Weformspro | 1 Weforms | 2024-11-21 | 9.8 Critical |
| WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. | ||||
| CVE-2020-22275 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2024-11-21 | 8.8 High |
| Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable. | ||||
| CVE-2020-22274 | 1 Jomsocial | 1 Jomsocial | 2024-11-21 | 9.8 Critical |
| JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile. | ||||