Export limit exceeded: 363331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363331 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18748 | 1 Typora | 1 Typora | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. | ||||
| CVE-2020-18746 | 1 Aitecms | 1 Aitecms | 2024-11-21 | 7.2 High |
| SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php". | ||||
| CVE-2020-18741 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 5.3 Medium |
| Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." | ||||
| CVE-2020-18737 | 1 Typora | 1 Typora | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. | ||||
| CVE-2020-18735 | 1 Eclipse | 1 Cyclone Data Distribution Service | 2024-11-21 | 7.5 High |
| A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | ||||
| CVE-2020-18734 | 1 Eclipse | 1 Cyclone Data Distribution Service | 2024-11-21 | 7.5 High |
| A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | ||||
| CVE-2020-18731 | 1 Iec104 Project | 1 Iec104 | 2024-11-21 | 7.5 High |
| A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2020-18730 | 1 Iec104 Project | 1 Iec104 | 2024-11-21 | 7.5 High |
| A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2020-18724 | 1 Altn | 1 Mdaemon Webmail | 2024-11-21 | 5.4 Medium |
| Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list. | ||||
| CVE-2020-18723 | 1 Altn | 1 Mdaemon Webmail | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities. | ||||
| CVE-2020-18717 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 9.8 Critical |
| SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | ||||
| CVE-2020-18716 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | ||||
| CVE-2020-18714 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. | ||||
| CVE-2020-18713 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php | ||||
| CVE-2020-18705 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 9.8 Critical |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | ||||
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | ||||
| CVE-2020-18703 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 9.8 Critical |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | ||||
| CVE-2020-18702 | 1 Quokka Project | 1 Quokka | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. | ||||
| CVE-2020-18701 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 9.8 Critical |
| Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | ||||
| CVE-2020-18699 | 1 Talelin | 1 Lin-cms-flask | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'. | ||||