Export limit exceeded: 363303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19138 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". | ||||
| CVE-2020-19137 | 1 Autumn Project | 1 Autumn | 2024-11-21 | 7.5 High |
| Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". | ||||
| CVE-2020-19131 | 3 Debian, Redhat, Simplesystems | 3 Debian Linux, Enterprise Linux, Libtiff | 2024-11-21 | 7.5 High |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". | ||||
| CVE-2020-19118 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | ||||
| CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19113 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | ||||
| CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19111 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | ||||
| CVE-2020-19110 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19109 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19108 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19107 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19049 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | ||||
| CVE-2020-19048 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | ||||
| CVE-2020-19047 | 1 Iwebshop | 1 Iwebshop | 2024-11-21 | 8.8 High |
| Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'. | ||||
| CVE-2020-19046 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. | ||||
| CVE-2020-19042 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. | ||||
| CVE-2020-19038 | 1 Halo | 1 Halo | 2024-11-21 | 9.1 Critical |
| File Deletion vulnerability in Halo 0.4.3 via delBackup. | ||||
| CVE-2020-19037 | 1 Halo | 1 Halo | 2024-11-21 | 5.3 Medium |
| Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. | ||||
| CVE-2020-19007 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser. | ||||