Export limit exceeded: 337711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 34253 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34253 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36157 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 10 Critical |
| An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges. | ||||
| CVE-2020-36066 | 1 Gjson Project | 1 Gjson | 2024-11-21 | 7.5 High |
| GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON. | ||||
| CVE-2020-36037 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 8.8 High |
| An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. | ||||
| CVE-2020-36009 | 1 Obottle Project | 1 Obottle | 2024-11-21 | 7.5 High |
| OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability. | ||||
| CVE-2020-36008 | 1 Obottle Project | 1 Obottle | 2024-11-21 | 8.1 High |
| OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability. | ||||
| CVE-2020-36006 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.5 Medium |
| AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | ||||
| CVE-2020-36005 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.5 Medium |
| AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | ||||
| CVE-2020-35962 | 1 Loopring | 1 Loopring | 2024-11-21 | 7.5 High |
| The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation. | ||||
| CVE-2020-35952 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.5 Medium |
| login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration. | ||||
| CVE-2020-35935 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 7.5 High |
| The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) | ||||
| CVE-2020-35927 | 1 Thex Project | 1 Thex | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. | ||||
| CVE-2020-35925 | 1 Magnetic Project | 1 Magnetic | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | ||||
| CVE-2020-35922 | 1 Mio Project | 1 Mio | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35921 | 1 Miow Project | 1 Miow | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35920 | 1 Rust-lang | 1 Socket2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35919 | 1 Net2 Project | 1 Net2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35918 | 1 Hakobaito | 1 Branca | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. | ||||
| CVE-2020-35915 | 1 Futures-intrusive Project | 1 Futures-intrusive | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. | ||||
| CVE-2020-35910 | 1 Lock Api Project | 1 Lock Api | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. | ||||
| CVE-2020-35909 | 1 Protocol | 1 Multihash | 2024-11-21 | 7.5 High |
| An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. | ||||