Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18221 | 1 Typora | 1 Typora | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | ||||
| CVE-2020-18220 | 1 Html-js | 1 Doracms | 2024-11-21 | 7.5 High |
| Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | ||||
| CVE-2020-18215 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 8.8 High |
| Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-18198 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | ||||
| CVE-2020-18195 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | ||||
| CVE-2020-18194 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | ||||
| CVE-2020-18191 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 9.1 Critical |
| GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | ||||
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical |
| Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | ||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 9.8 Critical |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | ||||
| CVE-2020-18184 | 1 Pluxxml | 1 Pluxxml | 2024-11-21 | 7.2 High |
| In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. | ||||
| CVE-2020-18178 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 9.8 Critical |
| Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | ||||
| CVE-2020-18175 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. | ||||
| CVE-2020-18174 | 1 Autohotkey | 1 Autohotkey | 2024-11-21 | 9.8 Critical |
| A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. | ||||
| CVE-2020-18173 | 1 1password | 1 1password | 2024-11-21 | 7.8 High |
| A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | ||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2024-11-21 | 9.8 Critical |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | ||||
| CVE-2020-18170 | 1 Abloy | 1 Key Manager | 2024-11-21 | 9.8 Critical |
| An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. | ||||
| CVE-2020-18167 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu". | ||||
| CVE-2020-18166 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 9.8 Critical |
| Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". | ||||
| CVE-2020-18165 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". | ||||
| CVE-2020-18164 | 1 Tp-shop | 1 Tp-shop | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter. | ||||