Search Results (79577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28851 | 2 Golang, Redhat | 5 Go, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28848 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 8.8 High |
| A CSV injection vulnerability in ChurchCRM version 4.2.0 allows remote attackers to execute arbitrary code via a crafted CSV file. | ||||
| CVE-2020-28845 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.8 High |
| A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system. | ||||
| CVE-2020-28840 | 1 Matthiaswandel | 1 Jhead | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04 allows local attackers to execute arbitrary code and cause a denial of service (DoS). | ||||
| CVE-2020-28736 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | ||||
| CVE-2020-28735 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | ||||
| CVE-2020-28734 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | ||||
| CVE-2020-28723 | 1 Cloudavid | 1 Pparam | 2024-11-21 | 7.5 High |
| Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. | ||||
| CVE-2020-28702 | 1 Pybbs Project | 1 Pybbs | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. | ||||
| CVE-2020-28695 | 1 Askey | 2 Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7, Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7 Firmware | 2024-11-21 | 8.8 High |
| Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | ||||
| CVE-2020-28693 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 8.8 High |
| An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | ||||
| CVE-2020-28692 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.2 High |
| In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function for executing PHP files. | ||||
| CVE-2020-28688 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-11-21 | 8.8 High |
| The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28687 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-11-21 | 8.8 High |
| The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | ||||
| CVE-2020-28672 | 1 Monocms | 1 Monocms | 2024-11-21 | 7.2 High |
| MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE. | ||||
| CVE-2020-28649 | 1 Orbisius | 1 Child Theme Creator | 2024-11-21 | 8.8 High |
| The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. | ||||
| CVE-2020-28648 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | ||||
| CVE-2020-28646 | 1 Owncloud | 1 Owncloud Desktop Client | 2024-11-21 | 7.8 High |
| ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | ||||
| CVE-2020-28641 | 1 Malwarebytes | 2 Endpoint Protection, Malwarebytes | 2024-11-21 | 7.1 High |
| In Malwarebytes Free 4.1.0.56, a symbolic link may be used to delete an arbitrary file on the system by exploiting the local quarantine system. | ||||