Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18439 | 1 Phpok | 1 Phpok | 2024-11-21 | 9.1 Critical |
| An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | ||||
| CVE-2020-18438 | 1 Phpok | 1 Phpok | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | ||||
| CVE-2020-18430 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | 7.5 High |
| tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). | ||||
| CVE-2020-18428 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | 7.5 High |
| tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). | ||||
| CVE-2020-18395 | 1 Gnu | 1 Gama | 2024-11-21 | 7.5 High |
| A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. | ||||
| CVE-2020-18392 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
| Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2020-18382 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 6.5 Medium |
| Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. | ||||
| CVE-2020-18378 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 6.5 Medium |
| A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | ||||
| CVE-2020-18336 | 1 Typora | 1 Typora | 2024-11-21 | 7.4 High |
| Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | ||||
| CVE-2020-18327 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | ||||
| CVE-2020-18326 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | ||||
| CVE-2020-18325 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. | ||||
| CVE-2020-18324 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. | ||||
| CVE-2020-18268 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 6.1 Medium |
| Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php." | ||||
| CVE-2020-18265 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". | ||||
| CVE-2020-18264 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". | ||||
| CVE-2020-18263 | 1 Php-cms Project | 1 Php-cms | 2024-11-21 | 7.5 High |
| PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. | ||||
| CVE-2020-18262 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 9.8 Critical |
| ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. | ||||
| CVE-2020-18261 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | ||||
| CVE-2020-18259 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 6.1 Medium |
| ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. | ||||