Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363290 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18125 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 5.7 Medium |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | ||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | ||||
| CVE-2020-18121 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 8.8 High |
| A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. | ||||
| CVE-2020-18116 | 1 Youdiancms | 1 Youdiancms | 2024-11-21 | 8.8 High |
| A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. | ||||
| CVE-2020-18114 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | ||||
| CVE-2020-18106 | 1 Wms Project | 1 Wms | 2024-11-21 | 9.8 Critical |
| The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. | ||||
| CVE-2020-18102 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php". | ||||
| CVE-2020-18084 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in. | ||||
| CVE-2020-18081 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 7.5 High |
| The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. | ||||
| CVE-2020-18078 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 9.8 Critical |
| A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password. | ||||
| CVE-2020-18077 | 1 Ftpshell | 1 Ftpshell Server | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). | ||||
| CVE-2020-18070 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 9.1 Critical |
| Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | ||||
| CVE-2020-18066 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. | ||||
| CVE-2020-18065 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu. | ||||
| CVE-2020-18048 | 1 Bertanddip | 1 Craigms | 2024-11-21 | 9.8 Critical |
| An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | ||||
| CVE-2020-18035 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". | ||||
| CVE-2020-18032 | 4 Debian, Fedoraproject, Graphviz and 1 more | 4 Debian Linux, Fedora, Graphviz and 1 more | 2024-11-21 | 7.8 High |
| Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | ||||
| CVE-2020-18022 | 1 Qibosoft | 1 Qibocms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component. | ||||
| CVE-2020-18020 | 1 Phpshe | 1 Mall System | 2024-11-21 | 9.8 Critical |
| SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component. | ||||