Search Results (363167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19042 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. | ||||
| CVE-2020-19038 | 1 Halo | 1 Halo | 2024-11-21 | 9.1 Critical |
| File Deletion vulnerability in Halo 0.4.3 via delBackup. | ||||
| CVE-2020-19037 | 1 Halo | 1 Halo | 2024-11-21 | 5.3 Medium |
| Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies. | ||||
| CVE-2020-19007 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser. | ||||
| CVE-2020-19005 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 5.7 Medium |
| zrlog v2.1.0 has a vulnerability with the permission check. If the admin account is logged in, other unauthorized users can download the database backup file directly. | ||||
| CVE-2020-19003 | 1 Liftoffsoftware | 1 Gate One | 2024-11-21 | 5.3 Medium |
| An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. | ||||
| CVE-2020-19002 | 1 Jupo | 1 Mezzanine | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632. | ||||
| CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 9.8 Critical |
| Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | ||||
| CVE-2020-19000 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component 'simiki/blob/master/simiki/generators.py'. | ||||
| CVE-2020-18999 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. | ||||
| CVE-2020-18998 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. | ||||
| CVE-2020-18985 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | ||||
| CVE-2020-18984 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | ||||
| CVE-2020-18982 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | ||||
| CVE-2020-18980 | 1 Halo | 1 Halo | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | ||||
| CVE-2020-18979 | 1 Halo | 1 Halo | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-forwarded-for Header parameter. | ||||
| CVE-2020-18976 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 5.5 Medium |
| Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. | ||||
| CVE-2020-18974 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 3.3 Low |
| Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | ||||
| CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 5.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | ||||
| CVE-2020-18971 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 5.5 Medium |
| Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | ||||