Export limit exceeded: 10404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10404 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23313 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0 | ||||
| CVE-2020-23312 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. | ||||
| CVE-2020-23311 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. | ||||
| CVE-2020-23310 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. | ||||
| CVE-2020-23309 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. | ||||
| CVE-2020-23308 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. | ||||
| CVE-2020-23182 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. | ||||
| CVE-2020-23171 | 1 Nim-lang | 1 Nim-lang | 2024-11-21 | 5.5 Medium |
| A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | ||||
| CVE-2020-23140 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.1 High |
| Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active. | ||||
| CVE-2020-23136 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.5 Medium |
| Microweber v1.1.18 is affected by no session expiry after log-out. | ||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | ||||
| CVE-2020-22840 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | ||||
| CVE-2020-22784 | 1 Etherpad | 1 Ueberdb | 2024-11-21 | 7.5 High |
| In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | ||||
| CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.5 Medium |
| Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | ||||
| CVE-2020-21998 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 6.1 Medium |
| In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. | ||||
| CVE-2020-21641 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | 7.5 High |
| Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | ||||
| CVE-2020-21524 | 1 Halo | 1 Halo | 2024-11-21 | 9.1 Critical |
| There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. exp:https://github.com/halo-dev/halo/issues/423 | ||||
| CVE-2020-21503 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 7.5 High |
| waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | ||||
| CVE-2020-21363 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.5 Medium |
| An arbitrary file deletion vulnerability exists within Maccms10. | ||||
| CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. | ||||