Export limit exceeded: 363318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363318 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18999 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. | ||||
| CVE-2020-18998 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. | ||||
| CVE-2020-18985 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | ||||
| CVE-2020-18984 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | ||||
| CVE-2020-18982 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | ||||
| CVE-2020-18980 | 1 Halo | 1 Halo | 2024-11-21 | 9.8 Critical |
| Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | ||||
| CVE-2020-18979 | 1 Halo | 1 Halo | 2024-11-21 | 6.1 Medium |
| Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. | ||||
| CVE-2020-18976 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 5.5 Medium |
| Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. | ||||
| CVE-2020-18974 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 3.3 Low |
| Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | ||||
| CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 5.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | ||||
| CVE-2020-18971 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 5.5 Medium |
| Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | ||||
| CVE-2020-18964 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. | ||||
| CVE-2020-18917 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | ||||
| CVE-2020-18913 | 1 Ecisp | 1 Espcms-p8 | 2024-11-21 | 7.5 High |
| EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. | ||||
| CVE-2020-18912 | 1 Earcms | 1 Ear | 2024-11-21 | 9.8 Critical |
| An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | ||||
| CVE-2020-18900 | 1 Libexe Project | 1 Libexe | 2024-11-21 | 3.3 Low |
| A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub | ||||
| CVE-2020-18899 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.5 Medium |
| An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. | ||||
| CVE-2020-18898 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | ||||
| CVE-2020-18897 | 1 Libpff Project | 1 Libpff | 2024-11-21 | 7.8 High |
| An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file. | ||||
| CVE-2020-18890 | 1 Puppycms | 1 Puppycms | 2024-11-21 | 9.8 Critical |
| Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php. | ||||