Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21495 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. | ||||
| CVE-2020-21494 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. | ||||
| CVE-2020-21493 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 5.3 Medium |
| An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. | ||||
| CVE-2020-21490 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. | ||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | ||||
| CVE-2020-21482 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module | ||||
| CVE-2020-21481 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file. | ||||
| CVE-2020-21480 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 7.2 High |
| An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2020-21469 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 4.4 Medium |
| An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account). | ||||
| CVE-2020-21452 | 1 Uniview | 2 Isc2500-s, Isc2500-s Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload | ||||
| CVE-2020-21434 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | ||||
| CVE-2020-21431 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.5 Medium |
| HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | ||||
| CVE-2020-21426 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | ||||
| CVE-2020-21406 | 2 Rk Max Smart Tv Box Project, V88 Smart Tv Box Project | 4 Rk Max Smart Tv Box, Rk Max Smart Tv Box Firmware, V88 Smart Tv Box and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service. | ||||
| CVE-2020-21405 | 1 H96tvbox | 2 H96 Pro Plus, H96 Pro Plus Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk | ||||
| CVE-2020-21394 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. | ||||
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | ||||
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | ||||
| CVE-2020-21378 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. | ||||
| CVE-2020-21377 | 1 Yunyecms | 1 Yunyecms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. | ||||