Export limit exceeded: 366300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37254 | 1 Wondershare | 1 Pdfelement | 2026-07-15 | 7.8 High |
| Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot. | ||||
| CVE-2020-37236 | 1 Netartmedia | 1 News Lister | 2026-07-15 | 6.4 Medium |
| NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that execute when news items are viewed by other users. | ||||
| CVE-2020-37226 | 1 Joomsky | 2 J2 Jobs, Js Jobs | 2026-07-15 | 7.1 High |
| Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information using automated tools. | ||||
| CVE-2020-37224 | 1 Joomsky | 2 J2 Jobs, Js Jobs | 2026-07-15 | 7.1 High |
| Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information. | ||||
| CVE-2020-37216 | 1 Belden | 1 Hirschmann Hios | 2026-07-15 | 7.5 High |
| Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable. | ||||
| CVE-2020-37137 | 1 Php-fusion | 2 Php-fusion, Phpfusion | 2026-07-15 | 6.1 Medium |
| PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code. | ||||
| CVE-2020-37136 | 2 Ejinshan, Emtec | 2 Terminal Security System, Zoc Terminal | 2026-07-15 | 7.5 High |
| ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files. | ||||
| CVE-2020-37130 | 2 Nsasoft, Nsauditor | 2 Nsauditor, Nsauditor | 2026-07-15 | 7.5 High |
| Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field. | ||||
| CVE-2020-37128 | 2 Ejinshan, Emtec | 2 Terminal Security System, Zoc Terminal | 2026-07-15 | 6.2 Medium |
| ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service. | ||||
| CVE-2020-37071 | 1 Craftcms | 2 Craft Cms, Craftcms | 2026-07-15 | 9.8 Critical |
| CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download functionality with a specially crafted request. | ||||
| CVE-2020-37010 | 2 Bearshare, Musiclab-llc | 2 Bearshare Lite, Bearshare | 2026-07-15 | 9.8 Critical |
| BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search keywords field. | ||||
| CVE-2020-37004 | 2 Codexcube, Rise | 2 Ultimate Project Manager Crm Pro, Ultimate Project Manager | 2026-07-15 | 8.2 High |
| The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques. | ||||
| CVE-2020-36975 | 1 Epson | 1 Status Monitor 3 | 2026-07-15 | 7.8 High |
| EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36970 | 1 Pmb Services | 2 Pmb, Pmb Services | 2026-07-15 | 8.4 High |
| PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint. | ||||
| CVE-2020-36957 | 2 Campcodes, Pdfcomplete | 2 Complete Online Dj Booking System, Pdf Complete | 2026-07-15 | 7.8 High |
| PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges. | ||||
| CVE-2020-36910 | 1 Cayintech | 1 Smp-pro4 | 2026-07-15 | 8.8 High |
| Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root. | ||||
| CVE-2020-36909 | 1 Securecomputing | 2 Snapgear Sg560, Snapgear Sg560 Firmware | 2026-07-15 | 6.5 Medium |
| SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory. | ||||
| CVE-2020-36908 | 1 Securecomputing | 2 Snapgear Sg560, Snapgear Sg560 Firmware | 2026-07-15 | 5.3 Medium |
| SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page. | ||||
| CVE-2019-25763 | 3 Brainstormforce, Ultimatebeaver, Wordpress | 3 Ultimate Addons For Beaver Builder, Ultimate Addons For Beaver Builder, Wordpress | 2026-07-15 | 9.8 Critical |
| WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user. | ||||
| CVE-2019-25752 | 1 Cmsjunkie | 1 J-businessdirectory | 2026-07-15 | 8.2 High |
| Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the option=com_jbusinessdirectory&task=categories.getCategories parameters and inject UNION-based SQL statements in the type parameter to extract database information including schema names and sensitive data. | ||||