Search Results (363261 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19002 | 1 Jupo | 1 Mezzanine | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632. | ||||
| CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 9.8 Critical |
| Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | ||||
| CVE-2020-19000 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component 'simiki/blob/master/simiki/generators.py'. | ||||
| CVE-2020-18999 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. | ||||
| CVE-2020-18998 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. | ||||
| CVE-2020-18985 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | ||||
| CVE-2020-18984 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | ||||
| CVE-2020-18982 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | ||||
| CVE-2020-18980 | 1 Halo | 1 Halo | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | ||||
| CVE-2020-18979 | 1 Halo | 1 Halo | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-Forwarded-For header parameter. | ||||
| CVE-2020-18976 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 5.5 Medium |
| Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. | ||||
| CVE-2020-18974 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 3.3 Low |
| Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | ||||
| CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 5.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | ||||
| CVE-2020-18971 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 5.5 Medium |
| Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | ||||
| CVE-2020-18964 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious user gain privileges. | ||||
| CVE-2020-18917 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | ||||
| CVE-2020-18913 | 1 Ecisp | 1 Espcms-p8 | 2024-11-21 | 7.5 High |
| EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. | ||||
| CVE-2020-18912 | 1 Earcms | 1 Ear | 2024-11-21 | 9.8 Critical |
| An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | ||||
| CVE-2020-18900 | 1 Libexe Project | 1 Libexe | 2024-11-21 | 3.3 Low |
| A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub. | ||||
| CVE-2020-18899 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.5 Medium |
| An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. | ||||