Export limit exceeded: 79420 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79420 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26773 | 1 Restaurant Reservation System Project | 1 Restaurant Reservation System | 2024-11-21 | 8.8 High |
| Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php. | ||||
| CVE-2020-26766 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. | ||||
| CVE-2020-26763 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 7.5 High |
| The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. | ||||
| CVE-2020-26732 | 1 Skyworth | 3 Gn542vf, Gn542vf Boa, Gn542vf Boa Firmware | 2024-11-21 | 7.5 High |
| SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | ||||
| CVE-2020-26682 | 1 Libass Project | 1 Libass | 2024-11-21 | 8.8 High |
| In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. | ||||
| CVE-2020-26678 | 1 Vfairs | 1 Vfairs | 2024-11-21 | 8.8 High |
| vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution. | ||||
| CVE-2020-26677 | 1 Vfairs | 1 Vfairs | 2024-11-21 | 8.8 High |
| Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. | ||||
| CVE-2020-26670 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 8.8 High |
| A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function. | ||||
| CVE-2020-26668 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function. | ||||
| CVE-2020-26664 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | 7.8 High |
| A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | ||||
| CVE-2020-26652 | 2 Aircrack-ng, Realtek | 3 Aircrack-ng, Rtl8812au, Rtl8812au Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | ||||
| CVE-2020-26649 | 1 Atomx | 1 Atomxcms 2 | 2024-11-21 | 8.1 High |
| AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php | ||||
| CVE-2020-26641 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. | ||||
| CVE-2020-26606 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). | ||||
| CVE-2020-26605 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020). | ||||
| CVE-2020-26604 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). | ||||
| CVE-2020-26602 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020). | ||||
| CVE-2020-26601 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020). | ||||
| CVE-2020-26600 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020). | ||||
| CVE-2020-26598 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020). | ||||