Export limit exceeded: 79906 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79906 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7769 | 1 Nodemailer | 1 Nodemailer | 2024-11-21 | 8.6 High |
| This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. | ||||
| CVE-2020-7768 | 1 Grpc | 1 Grpc | 2024-11-21 | 7.5 High |
| The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. | ||||
| CVE-2020-7766 | 1 Json-ptr Project | 1 Json-ptr | 2024-11-21 | 7.3 High |
| This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution. | ||||
| CVE-2020-7763 | 1 Jsreport | 1 Phantom-html-to-pdf | 2024-11-21 | 7.5 High |
| This affects the package phantom-html-to-pdf before 0.6.1. | ||||
| CVE-2020-7758 | 1 Browserless | 1 Chrome | 2024-11-21 | 7.5 High |
| This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server. | ||||
| CVE-2020-7754 | 2 Npmjs, Redhat | 3 Npm-user-validate, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. | ||||
| CVE-2020-7753 | 1 Trim Project | 1 Trim | 2024-11-21 | 7.5 High |
| All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). | ||||
| CVE-2020-7752 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 8.8 High |
| This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands. | ||||
| CVE-2020-7749 | 1 Osm-static-maps Project | 1 Osm-static-maps | 2024-11-21 | 7.6 High |
| This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read. | ||||
| CVE-2020-7746 | 2 Chartjs, Redhat | 2 Chart.js, Jboss Enterprise Bpms Platform | 2024-11-21 | 7.5 High |
| This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. | ||||
| CVE-2020-7745 | 1 Mintegral | 1 Mintegraladsdk | 2024-11-21 | 7.1 High |
| This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device. | ||||
| CVE-2020-7743 | 2 Mathjs, Redhat | 2 Mathjs, Ansible Tower | 2024-11-21 | 7.3 High |
| The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | ||||
| CVE-2020-7742 | 1 Simpl-schema Project | 1 Simpl-schema | 2024-11-21 | 7.5 High |
| This affects the package simpl-schema before 1.10.2. | ||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2024-11-21 | 8.2 High |
| This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack. | ||||
| CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2024-11-21 | 8.2 High |
| This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. | ||||
| CVE-2020-7738 | 1 Shiba Project | 1 Shiba | 2024-11-21 | 8.3 High |
| All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad(). | ||||
| CVE-2020-7737 | 1 Safetydance Project | 1 Safetydance | 2024-11-21 | 7.3 High |
| All versions of package safetydance are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7736 | 1 Bmoor Project | 1 Bmoor | 2024-11-21 | 7.3 High |
| The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function. | ||||
| CVE-2020-7734 | 1 Arachnys | 1 Cabot | 2024-11-21 | 8.2 High |
| All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. | ||||
| CVE-2020-7733 | 3 Oracle, Redhat, Ua-parser-js Project | 3 Communications Cloud Native Core Network Function Cloud Native Environment, Rhev Manager, Ua-parser-js | 2024-11-21 | 7.5 High |
| The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | ||||