Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18717 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 9.8 Critical |
| SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | ||||
| CVE-2020-18716 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | ||||
| CVE-2020-18714 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. | ||||
| CVE-2020-18713 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php. | ||||
| CVE-2020-18705 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 9.8 Critical |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | ||||
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | ||||
| CVE-2020-18703 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 9.8 Critical |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | ||||
| CVE-2020-18702 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. | ||||
| CVE-2020-18701 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 9.8 Critical |
| Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | ||||
| CVE-2020-18699 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the 'Username' parameter of the component 'app/api/cms/user.py'. | ||||
| CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 9.8 Critical |
| Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | ||||
| CVE-2020-18694 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". | ||||
| CVE-2020-18693 | 1 Mineweb | 1 Minewebcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'. | ||||
| CVE-2020-18685 | 1 Atlassian | 1 Floodlight | 2024-11-21 | 9.8 Critical |
| Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | ||||
| CVE-2020-18684 | 1 Atlassian | 1 Floodlight | 2024-11-21 | 9.8 Critical |
| Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | ||||
| CVE-2020-18683 | 1 Atlassian | 1 Floodlight | 2024-11-21 | 9.8 Critical |
| Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | ||||
| CVE-2020-18671 | 1 Roundcube | 1 Webmail | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | ||||
| CVE-2020-18670 | 1 Roundcube | 1 Webmail | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. | ||||
| CVE-2020-18668 | 1 Webport | 1 Web Port | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the description parameter to script/listcalls. | ||||
| CVE-2020-18667 | 1 Webport | 1 Webport | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. | ||||