Export limit exceeded: 10046 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10046 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35235 | 1 Themexa | 1 Secure File Manager | 2024-11-21 | 8.8 High |
| vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.2 High |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | ||||
| CVE-2020-2211 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 8.8 High |
| Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2189 | 1 Jenkins | 1 Source Code Management Filter Jervis | 2024-11-21 | 8.8 High |
| Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2180 | 1 Jenkins | 1 Amazon Web Services Serverless Application Model | 2024-11-21 | 8.8 High |
| Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2179 | 1 Jenkins | 1 Yaml Axis | 2024-11-21 | 8.8 High |
| Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2024-11-21 | 8.8 High |
| Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2167 | 2 Jenkins, Redhat | 2 Openshift Pipeline, Openshift | 2024-11-21 | 8.8 High |
| Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2166 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 8.8 High |
| Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2158 | 1 Jenkins | 1 Literate | 2024-11-21 | 8.8 High |
| Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2123 | 1 Jenkins | 1 Radargun | 2024-11-21 | 8.8 High |
| Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2121 | 1 Jenkins | 1 Google Kubernetes Engine | 2024-11-21 | 8.8 High |
| Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-29279 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. | ||||
| CVE-2020-28926 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2024-11-21 | 9.8 Critical |
| ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. | ||||
| CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 9.8 Critical |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | ||||
| CVE-2020-28695 | 1 Askey | 2 Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7, Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7 Firmware | 2024-11-21 | 8.8 High |
| Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | ||||
| CVE-2020-28653 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | ||||
| CVE-2020-28592 | 1 Cosori | 2 Cs158-af, Cs158-af Firmware | 2024-11-21 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-28579 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 8.8 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | ||||
| CVE-2020-28578 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | ||||