Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14962 | 1 Machothemes | 1 Image Photo Gallery Final Tiles Grid | 2024-11-21 | 5.4 Medium |
| Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. | ||||
| CVE-2020-14961 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.3 Medium |
| Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | ||||
| CVE-2020-14960 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, | ||||
| CVE-2020-14959 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | 5.4 Medium |
| Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. | ||||
| CVE-2020-14958 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.5 Medium |
| In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | ||||
| CVE-2020-14957 | 1 Arswp | 1 Windows Cleanup Assistant | 2024-11-21 | 7.8 High |
| In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD. | ||||
| CVE-2020-14956 | 1 Arswp | 1 Windows Cleanup Assistant | 2024-11-21 | 7.8 High |
| In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA. | ||||
| CVE-2020-14955 | 1 Jiangmin | 1 Jiangmin Antivirus | 2024-11-21 | 5.5 Medium |
| In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. | ||||
| CVE-2020-14954 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.9 Medium |
| Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." | ||||
| CVE-2020-14950 | 1 Aapanel | 1 Aapanel | 2024-11-21 | 8.8 High |
| aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. | ||||
| CVE-2020-14947 | 1 Factorfx | 1 Open Computer Software Inventory Next Generation | 2024-11-21 | 8.8 High |
| OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. | ||||
| CVE-2020-14946 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 4.3 Medium |
| downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files. | ||||
| CVE-2020-14945 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data. | ||||
| CVE-2020-14944 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 9.8 Critical |
| Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser. | ||||
| CVE-2020-14943 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 5.4 Medium |
| The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. | ||||
| CVE-2020-14942 | 1 Tendenci | 1 Tendenci | 2024-11-21 | 9.8 Critical |
| Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. | ||||
| CVE-2020-14940 | 1 Herac | 1 Tuxguitar | 2024-11-21 | 7.5 High |
| An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files. | ||||
| CVE-2020-14939 | 1 Freedroid | 1 Freedroidrpg | 2024-11-21 | 7.8 High |
| An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading. | ||||
| CVE-2020-14938 | 1 Freedroid | 1 Freedroidrpg | 2024-11-21 | 9.8 Critical |
| An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow. | ||||
| CVE-2020-14937 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 9.1 Critical |
| Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access in BER decoding and encoding functions. | ||||