Export limit exceeded: 364989 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364989 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364989 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18324 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. | ||||
| CVE-2020-18268 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 6.1 Medium |
| Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php." | ||||
| CVE-2020-18265 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". | ||||
| CVE-2020-18264 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". | ||||
| CVE-2020-18263 | 1 Php-cms Project | 1 Php-cms | 2024-11-21 | 7.5 High |
| PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. | ||||
| CVE-2020-18262 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 9.8 Critical |
| ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. | ||||
| CVE-2020-18261 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | ||||
| CVE-2020-18259 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 6.1 Medium |
| ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. | ||||
| CVE-2020-18232 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | ||||
| CVE-2020-18230 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | ||||
| CVE-2020-18229 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | ||||
| CVE-2020-18221 | 1 Typora | 1 Typora | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | ||||
| CVE-2020-18220 | 1 Html-js | 1 Doracms | 2024-11-21 | 7.5 High |
| Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | ||||
| CVE-2020-18215 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 8.8 High |
| Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-18198 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | ||||
| CVE-2020-18195 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | ||||
| CVE-2020-18194 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | ||||
| CVE-2020-18191 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 9.1 Critical |
| GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | ||||
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical |
| Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | ||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 9.8 Critical |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | ||||