Export limit exceeded: 364911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15540 | 1 We-com | 1 Opendata Cms | 2024-11-21 | 9.8 Critical |
| We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. | ||||
| CVE-2020-15539 | 1 We-com | 1 Municipality Portal Cms | 2024-11-21 | 9.8 Critical |
| SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. | ||||
| CVE-2020-15538 | 1 We-com | 1 Municipality Portal Cms | 2024-11-21 | 6.1 Medium |
| XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. | ||||
| CVE-2020-15537 | 1 Vanguard Project | 1 Vanguard | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. | ||||
| CVE-2020-15536 | 1 Online Hotel Booking System Project | 1 Online Hotel Booking System | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. | ||||
| CVE-2020-15535 | 1 Bestsoftinc | 1 Car Rental System | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. | ||||
| CVE-2020-15533 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.8 Critical |
| In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | ||||
| CVE-2020-15532 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | 6.5 Medium |
| Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | ||||
| CVE-2020-15531 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | 8.8 High |
| Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | ||||
| CVE-2020-15530 | 1 Valvesoftware | 1 Steam Client | 2024-11-21 | 7.8 High |
| An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks. | ||||
| CVE-2020-15529 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks. | ||||
| CVE-2020-15528 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks. | ||||
| CVE-2020-15526 | 1 Red-gate | 1 Sql Monitor | 2024-11-21 | 5.9 Medium |
| In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7. | ||||
| CVE-2020-15525 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | ||||
| CVE-2020-15523 | 3 Microsoft, Netapp, Python | 3 Windows, Snapcenter, Python | 2024-11-21 | 7.8 High |
| In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | ||||
| CVE-2020-15521 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . | ||||
| CVE-2020-15518 | 1 Veeam | 2 Veeam Availability Suite, Veeam Backup \& Replication | 2024-11-21 | 8.8 High |
| VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | ||||
| CVE-2020-15517 | 1 Faceted Search Project | 1 Faceted Search | 2024-11-21 | 5.4 Medium |
| The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. | ||||
| CVE-2020-15516 | 1 Mm Forum Project | 1 Mm Forum | 2024-11-21 | 5.4 Medium |
| The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. | ||||
| CVE-2020-15515 | 1 Turn\! Project | 1 Turn\! | 2024-11-21 | 8.8 High |
| The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution. | ||||