Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363502 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20693 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | ||||
| CVE-2020-20692 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.2 High |
| GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | ||||
| CVE-2020-20691 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 6.5 Medium |
| An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. | ||||
| CVE-2020-20675 | 1 Nuishop | 1 Nuishop | 2024-11-21 | 9.8 Critical |
| Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/. | ||||
| CVE-2020-20672 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 7.8 High |
| An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | ||||
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | ||||
| CVE-2020-20670 | 1 Zkea | 1 Zkeacms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file. | ||||
| CVE-2020-20665 | 1 Rudp Project | 1 Rudp | 2024-11-21 | 7.5 High |
| rudp v0.6 was discovered to contain a memory leak in the component main.c. | ||||
| CVE-2020-20664 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2024-11-21 | 6.5 Medium |
| libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c. | ||||
| CVE-2020-20663 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2024-11-21 | 6.5 Medium |
| libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c. | ||||
| CVE-2020-20662 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2024-11-21 | 6.5 Medium |
| libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c. | ||||
| CVE-2020-20658 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2024-11-21 | 7.5 High |
| Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denail of service when trying to calloc an unexpectiedly large space. | ||||
| CVE-2020-20657 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2024-11-21 | 7.5 High |
| Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect. | ||||
| CVE-2020-20645 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area. | ||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | ||||
| CVE-2020-20640 | 1 Shopex | 1 Ecshop | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability. | ||||
| CVE-2020-20634 | 1 Elementor | 1 Website Builder | 2024-11-21 | 6.5 Medium |
| Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. | ||||
| CVE-2020-20633 | 1 Cookielawinfo | 1 Gdpr Cookie Consent | 2024-11-21 | 5.4 Medium |
| ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation. | ||||
| CVE-2020-20628 | 1 Appsaloon | 1 Wp-gdpr | 2024-11-21 | 6.1 Medium |
| controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. | ||||
| CVE-2020-20627 | 1 Givewp | 1 Givewp | 2024-11-21 | 5.3 Medium |
| The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. | ||||