Search Results (79383 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25465 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Null Pointer Dereference in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25464 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger. | ||||
| CVE-2020-25463 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25461 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2024-11-21 | 7.5 High |
| An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 that allows attackers to read sensitive information during the training process of machine learning joint modeling. | ||||
| CVE-2020-25453 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | ||||
| CVE-2020-25445 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 7.8 High |
| The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. Input containing an Excel formula is not sanitized by the application. As a result, when an admin in the backend downloads and opens the CSV, the content of the cells is executed. | ||||
| CVE-2020-25406 | 1 Lemocms | 1 Lemocms | 2024-11-21 | 7.3 High |
| app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files. | ||||
| CVE-2020-25400 | 1 Taskcafe Project | 1 Taskcafe | 2024-11-21 | 7.5 High |
| Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as access token. | ||||
| CVE-2020-25399 | 1 Mind | 1 Imind Server | 2024-11-21 | 7.8 High |
| Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | ||||
| CVE-2020-25398 | 1 Mind | 1 Imind Server | 2024-11-21 | 8.8 High |
| CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. | ||||
| CVE-2020-25379 | 1 Recall-products Project | 1 Recall-products | 2024-11-21 | 8.8 High |
| WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. | ||||
| CVE-2020-25362 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2024-11-21 | 7.5 High |
| The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases. | ||||
| CVE-2020-25291 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 7.8 High |
| GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. | ||||
| CVE-2020-25287 | 1 Pligg Project | 1 Pligg | 2024-11-21 | 7.2 High |
| Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | ||||
| CVE-2020-25281 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | ||||
| CVE-2020-25276 | 1 Primekey | 1 Ejbca | 2024-11-21 | 7.3 High |
| An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) | ||||
| CVE-2020-25275 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-11-21 | 7.5 High |
| Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | ||||
| CVE-2020-25268 | 1 Ilias | 1 Ilias | 2024-11-21 | 8.8 High |
| Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | ||||
| CVE-2020-25263 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | 7.1 High |
| PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. | ||||