Export limit exceeded: 363527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21250 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 9.8 Critical |
| CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. | ||||
| CVE-2020-21244 | 1 Frontaccounting | 1 Frontaccounting | 2024-11-21 | 4.9 Medium |
| An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php. | ||||
| CVE-2020-21238 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
| An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | ||||
| CVE-2020-21237 | 1 8cms | 1 Ljcms | 2024-11-21 | 9.8 Critical |
| An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | ||||
| CVE-2020-21236 | 1 Damicms | 1 Damicms | 2024-11-21 | 8.8 High |
| A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | ||||
| CVE-2020-21228 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.1 Medium |
| JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | ||||
| CVE-2020-21224 | 1 Inspur | 1 Clusterengine | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server | ||||
| CVE-2020-21180 | 1 Koa2-blog Project | 1 Koa2-blog | 2024-11-21 | 9.8 Critical |
| Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page. | ||||
| CVE-2020-21179 | 1 Koa2-blog Project | 1 Koa2-blog | 2024-11-21 | 9.8 Critical |
| Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page. | ||||
| CVE-2020-21176 | 1 Thinkjs | 1 Thinkjs | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter. | ||||
| CVE-2020-21161 | 1 Ruckuswireless | 2 Zonedirector, Zonedirector Firmware | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. | ||||
| CVE-2020-21147 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 4.8 Medium |
| RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. | ||||
| CVE-2020-21146 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 6.1 Medium |
| Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS. | ||||
| CVE-2020-21142 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi. | ||||
| CVE-2020-21141 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 8.8 High |
| iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | ||||
| CVE-2020-21139 | 1 Ec Cloud E-commerce System Project | 1 Ec Cloud E-commerce System | 2024-11-21 | 6.5 Medium |
| EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. | ||||
| CVE-2020-21133 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. | ||||
| CVE-2020-21132 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. | ||||
| CVE-2020-21131 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.2 High |
| SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. | ||||
| CVE-2020-21130 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. | ||||