Export limit exceeded: 347217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23793 | 1 Spice-space | 1 Spice-server | 2024-11-21 | 8.6 High |
| An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects. | ||||
| CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 7.5 High |
| A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request. | ||||
| CVE-2020-23768 | 1 Phpyun | 1 Phpyun | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and telephone numbers. | ||||
| CVE-2020-23765 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High |
| A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | ||||
| CVE-2020-23740 | 1 Drivergenius | 1 Drivergenius | 2024-11-21 | 7.8 High |
| In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. | ||||
| CVE-2020-23735 | 1 Saibo | 1 Cyber Game Accelerator | 2024-11-21 | 7.8 High |
| In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges | ||||
| CVE-2020-23722 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters. | ||||
| CVE-2020-23715 | 1 Webport Cms Project | 1 Webport Cms | 2024-11-21 | 8.6 High |
| Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. | ||||
| CVE-2020-23686 | 1 Ayacms Project | 1 Ayacms | 2024-11-21 | 8.8 High |
| Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | ||||
| CVE-2020-23680 | 1 Text2pdf Project | 1 Text2pdf | 2024-11-21 | 7.8 High |
| An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. | ||||
| CVE-2020-23630 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 8.8 High |
| A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | ||||
| CVE-2020-23622 | 1 Cling Project | 1 Cling | 2024-11-21 | 7.5 High |
| An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header | ||||
| CVE-2020-23595 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | ||||
| CVE-2020-23575 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2024-11-21 | 7.5 High |
| A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server. | ||||
| CVE-2020-23572 | 1 Beescms | 1 Beescms | 2024-11-21 | 8.8 High |
| BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | ||||
| CVE-2020-23565 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850". | ||||
| CVE-2020-23564 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 7.2 High |
| File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | ||||
| CVE-2020-23560 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. | ||||
| CVE-2020-23559 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. | ||||
| CVE-2020-23558 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. | ||||