Export limit exceeded: 76372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76372 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18336 | 1 Typora | 1 Typora | 2024-11-21 | 7.4 High |
| Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | ||||
| CVE-2020-18326 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | ||||
| CVE-2020-18265 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". | ||||
| CVE-2020-18264 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". | ||||
| CVE-2020-18263 | 1 Php-cms Project | 1 Php-cms | 2024-11-21 | 7.5 High |
| PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. | ||||
| CVE-2020-18232 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | ||||
| CVE-2020-18220 | 1 Html-js | 1 Doracms | 2024-11-21 | 7.5 High |
| Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | ||||
| CVE-2020-18215 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 8.8 High |
| Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-18198 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | ||||
| CVE-2020-18195 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | ||||
| CVE-2020-18184 | 1 Pluxxml | 1 Pluxxml | 2024-11-21 | 7.2 High |
| In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. | ||||
| CVE-2020-18173 | 1 1password | 1 1password | 2024-11-21 | 7.8 High |
| A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | ||||
| CVE-2020-18171 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-11-21 | 8.8 High |
| TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details | ||||
| CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-11-21 | 7.8 High |
| A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | ||||
| CVE-2020-18157 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | ||||
| CVE-2020-18129 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | ||||
| CVE-2020-18121 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 8.8 High |
| A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. | ||||
| CVE-2020-18116 | 1 Youdiancms | 1 Youdiancms | 2024-11-21 | 8.8 High |
| A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. | ||||
| CVE-2020-18081 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 7.5 High |
| The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. | ||||
| CVE-2020-18077 | 1 Ftpshell | 1 Ftpshell Server | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). | ||||