Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21426 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | ||||
| CVE-2020-21406 | 2 Rk Max Smart Tv Box Project, V88 Smart Tv Box Project | 4 Rk Max Smart Tv Box, Rk Max Smart Tv Box Firmware, V88 Smart Tv Box and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service. | ||||
| CVE-2020-21405 | 1 H96tvbox | 2 H96 Pro Plus, H96 Pro Plus Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk | ||||
| CVE-2020-21394 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. | ||||
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | ||||
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | ||||
| CVE-2020-21378 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. | ||||
| CVE-2020-21377 | 1 Yunyecms | 1 Yunyecms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. | ||||
| CVE-2020-21365 | 2 Debian, Wkhtmltopdf | 2 Debian Linux, Wkhtmltopdf | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. | ||||
| CVE-2020-21363 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.5 Medium |
| An arbitrary file deletion vulnerability exists within Maccms10. | ||||
| CVE-2020-21362 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | ||||
| CVE-2020-21359 | 1 Maccms | 1 Maccms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | ||||
| CVE-2020-21358 | 1 Wagecms Project | 1 Wage-cms | 2024-11-21 | 6.5 Medium |
| A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | ||||
| CVE-2020-21357 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 6.1 Medium |
| A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field. | ||||
| CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. | ||||
| CVE-2020-21353 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module. | ||||
| CVE-2020-21345 | 1 Halo | 1 Halo | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code. | ||||
| CVE-2020-21342 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | ||||
| CVE-2020-21333 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. | ||||
| CVE-2020-21322 | 1 Feehi | 1 Feehicms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file. | ||||