Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363286 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18263 | 1 Php-cms Project | 1 Php-cms | 2024-11-21 | 7.5 High |
| PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. | ||||
| CVE-2020-18262 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 9.8 Critical |
| ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. | ||||
| CVE-2020-18261 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | ||||
| CVE-2020-18259 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 6.1 Medium |
| ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. | ||||
| CVE-2020-18232 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | ||||
| CVE-2020-18230 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | ||||
| CVE-2020-18229 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | ||||
| CVE-2020-18221 | 1 Typora | 1 Typora | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | ||||
| CVE-2020-18220 | 1 Html-js | 1 Doracms | 2024-11-21 | 7.5 High |
| Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | ||||
| CVE-2020-18215 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 8.8 High |
| Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-18198 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | ||||
| CVE-2020-18195 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | ||||
| CVE-2020-18194 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | ||||
| CVE-2020-18191 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 9.1 Critical |
| GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | ||||
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical |
| Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | ||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 9.8 Critical |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | ||||
| CVE-2020-18184 | 1 Pluxxml | 1 Pluxxml | 2024-11-21 | 7.2 High |
| In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. | ||||
| CVE-2020-18178 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 9.8 Critical |
| Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | ||||
| CVE-2020-18175 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. | ||||
| CVE-2020-18174 | 1 Autohotkey | 1 Autohotkey | 2024-11-21 | 9.8 Critical |
| A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. | ||||