Export limit exceeded: 363167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18735 | 1 Eclipse | 1 Cyclone Data Distribution Service | 2024-11-21 | 7.5 High |
| A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | ||||
| CVE-2020-18734 | 1 Eclipse | 1 Cyclone Data Distribution Service | 2024-11-21 | 7.5 High |
| A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | ||||
| CVE-2020-18731 | 1 Iec104 Project | 1 Iec104 | 2024-11-21 | 7.5 High |
| A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2020-18730 | 1 Iec104 Project | 1 Iec104 | 2024-11-21 | 7.5 High |
| A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2020-18724 | 1 Altn | 1 Mdaemon Webmail | 2024-11-21 | 5.4 Medium |
| Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list. | ||||
| CVE-2020-18723 | 1 Altn | 1 Mdaemon Webmail | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities. | ||||
| CVE-2020-18717 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 9.8 Critical |
| SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | ||||
| CVE-2020-18716 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | ||||
| CVE-2020-18714 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. | ||||
| CVE-2020-18713 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php | ||||
| CVE-2020-18705 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 9.8 Critical |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | ||||
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | ||||
| CVE-2020-18703 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 9.8 Critical |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | ||||
| CVE-2020-18702 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. | ||||
| CVE-2020-18701 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 9.8 Critical |
| Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | ||||
| CVE-2020-18699 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'. | ||||
| CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 9.8 Critical |
| Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | ||||
| CVE-2020-18694 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". | ||||
| CVE-2020-18693 | 1 Mineweb | 1 Minewebcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'. | ||||
| CVE-2020-18685 | 1 Atlassian | 1 Floodlight | 2024-11-21 | 9.8 Critical |
| Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | ||||