Export limit exceeded: 79169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19957 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. | ||||
| CVE-2020-19954 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.5 High |
| An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | ||||
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | ||||
| CVE-2020-19907 | 1 Mitre | 1 Caldera | 2024-11-21 | 8.8 High |
| A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | ||||
| CVE-2020-19891 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 7.2 High |
| DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. | ||||
| CVE-2020-19889 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 8.8 High |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. | ||||
| CVE-2020-19886 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 8.1 High |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. | ||||
| CVE-2020-19878 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 7.5 High |
| DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. | ||||
| CVE-2020-19861 | 1 Nlnetlabs | 1 Ldns | 2024-11-21 | 7.5 High |
| When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage. | ||||
| CVE-2020-19858 | 1 Plutinosoft | 1 Platinum | 2024-11-21 | 7.5 High |
| Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy. | ||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | ||||
| CVE-2020-19821 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter. | ||||
| CVE-2020-19769 | 1 Rtb1 Project | 1 Rtb1 | 2024-11-21 | 7.5 High |
| A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. | ||||
| CVE-2020-19768 | 1 Tokensale Project | 1 Tokensale | 2024-11-21 | 7.5 High |
| A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. | ||||
| CVE-2020-19767 | 1 Zeroxracer Project | 1 Zeroxracer | 2024-11-21 | 7.5 High |
| A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. | ||||
| CVE-2020-19766 | 1 Tokenerc20 Project | 1 Tokenerc20 | 2024-11-21 | 7.5 High |
| The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. | ||||
| CVE-2020-19765 | 1 Proofofdiligencetoken Project | 1 Proofofdiligencetoken | 2024-11-21 | 7.5 High |
| An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. | ||||
| CVE-2020-19752 | 2 Fedoraproject, Lcdf | 2 Fedora, Gifsicle | 2024-11-21 | 7.5 High |
| The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | ||||
| CVE-2020-19750 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.5 High |
| An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | ||||
| CVE-2020-19726 | 1 Gnu | 1 Binutils | 2024-11-21 | 8.8 High |
| An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. | ||||