Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18102 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php". | ||||
| CVE-2020-18084 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in. | ||||
| CVE-2020-18081 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 7.5 High |
| The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. | ||||
| CVE-2020-18078 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 9.8 Critical |
| A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password. | ||||
| CVE-2020-18077 | 1 Ftpshell | 1 Ftpshell Server | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). | ||||
| CVE-2020-18070 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 9.1 Critical |
| Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | ||||
| CVE-2020-18066 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. | ||||
| CVE-2020-18065 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu. | ||||
| CVE-2020-18048 | 1 Bertanddip | 1 Craigms | 2024-11-21 | 9.8 Critical |
| An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | ||||
| CVE-2020-18035 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". | ||||
| CVE-2020-18032 | 4 Debian, Fedoraproject, Graphviz and 1 more | 4 Debian Linux, Fedora, Graphviz and 1 more | 2024-11-21 | 7.8 High |
| Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | ||||
| CVE-2020-18022 | 1 Qibosoft | 1 Qibocms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component. | ||||
| CVE-2020-18020 | 1 Phpshe | 1 Mall System | 2024-11-21 | 9.8 Critical |
| SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component. | ||||
| CVE-2020-18019 | 1 Xinfu | 1 Oa System | 2024-11-21 | 7.5 High |
| SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component. | ||||
| CVE-2020-18013 | 1 Whatsns | 1 Whatsns | 2024-11-21 | 9.8 Critical |
| SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. | ||||
| CVE-2020-17999 | 1 1234n | 1 Minicms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php". | ||||
| CVE-2020-17952 | 1 Twothink Project | 1 Twothink | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code. | ||||
| CVE-2020-17901 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | ||||
| CVE-2020-17891 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2024-11-21 | 6.1 Medium |
| TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code. | ||||
| CVE-2020-17759 | 2 Evernote, Microsoft | 4 Evernote, Windows 10, Windows 7 and 1 more | 2024-11-21 | 8.8 High |
| An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | ||||