Search Results (76376 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19215 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. | ||||
| CVE-2020-19199 | 1 Phpok | 1 Phpok | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19159 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. | ||||
| CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.8 High |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | ||||
| CVE-2020-19151 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.8 High |
| Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | ||||
| CVE-2020-19150 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.1 High |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. | ||||
| CVE-2020-19137 | 1 Autumn Project | 1 Autumn | 2024-11-21 | 7.5 High |
| Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". | ||||
| CVE-2020-19131 | 3 Debian, Redhat, Simplesystems | 3 Debian Linux, Enterprise Linux, Libtiff | 2024-11-21 | 7.5 High |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". | ||||
| CVE-2020-19047 | 1 Iwebshop | 1 Iwebshop | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in iWebShop v5.3 allows remote attackers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'. | ||||
| CVE-2020-18964 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious user gain privileges. | ||||
| CVE-2020-18917 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | ||||
| CVE-2020-18913 | 1 Ecisp | 1 Espcms-p8 | 2024-11-21 | 7.5 High |
| EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. | ||||
| CVE-2020-18897 | 1 Libpff Project | 1 Libpff | 2024-11-21 | 7.8 High |
| A use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DoS) or execute arbitrary code via a crafted pff file. | ||||
| CVE-2020-18888 | 1 Puppycms | 1 Puppycms | 2024-11-21 | 7.5 High |
| Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php. | ||||
| CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 7.2 High |
| Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | ||||
| CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 7.2 High |
| Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | ||||
| CVE-2020-18877 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 High |
| SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. | ||||
| CVE-2020-18875 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 8.8 High |
| Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | ||||
| CVE-2020-18831 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. | ||||
| CVE-2020-18771 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-11-21 | 8.1 High |
| Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | ||||