Export limit exceeded: 352254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37105 | 2 Redmine, Sigb | 2 Pmb, Pmb | 2026-04-15 | 7.1 High |
| PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database. | ||||
| CVE-2020-37106 | 1 Bdtask | 1 Business Live Chat Software | 2026-04-15 | 5.3 Medium |
| Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administrative access parameters. | ||||
| CVE-2020-37108 | 1 Allhandsmarketing | 1 Phpix 2012 Professional | 2026-04-15 | 7.1 High |
| PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information. | ||||
| CVE-2020-37121 | 1 Codeblocks | 1 Code::blocks | 2026-04-15 | 5.5 Medium |
| CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution. | ||||
| CVE-2020-37122 | 1 Nsauditor | 1 Ftp Password Recover | 2026-04-15 | 7.5 High |
| SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash. | ||||
| CVE-2020-37124 | 1 4mhz | 1 B64dec | 2026-04-15 | 9.8 Critical |
| B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process. | ||||
| CVE-2020-37126 | 1 Drive Software Company | 1 Free Desktop Clock | 2026-04-15 | 9.8 Critical |
| Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code. | ||||
| CVE-2025-57605 | 1 Aikaan | 1 Iot Platform | 2026-04-15 | 8.8 High |
| Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department | ||||
| CVE-2020-37128 | 1 Emtec | 1 Zoc Terminal | 2026-04-15 | 6.2 Medium |
| ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service. | ||||
| CVE-2020-37129 | 1 Microvirt | 2 Memu, Memu Play | 2026-04-15 | 9.8 Critical |
| Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions. | ||||
| CVE-2025-69387 | 2 Whatwouldjessedo, Wordpress | 2 Simple Retail Menus, Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through <= 4.2.1. | ||||
| CVE-2020-37135 | 3 Amss++ Project, Amss\+\+ Project, Amssplus | 3 Amss++, Amss\+\+, Amss Plus | 2026-04-15 | 7.5 High |
| AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system. | ||||
| CVE-2020-37138 | 1 10-strike | 1 Network Inventory Explorer | 2026-04-15 | 9.8 Critical |
| 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain. | ||||
| CVE-2020-37143 | 1 Ge Intelligent Platforms | 1 Proficyscada For Ios | 2026-04-15 | 7.5 High |
| ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication. | ||||
| CVE-2020-37145 | 1 Hrsale | 1 Hrsale | 2026-04-15 | 4.3 Medium |
| HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges. | ||||
| CVE-2020-37155 | 1 Core Ftp | 1 Core Ftp Lite | 2026-04-15 | 7.5 High |
| Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction. | ||||
| CVE-2020-37157 | 1 Dbpower | 1 C300 Hd Camera | 2026-04-15 | 7.5 High |
| DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource. | ||||
| CVE-2020-37159 | 1 Parallaxis | 1 Cuckoo Clock | 2026-04-15 | 9.8 Critical |
| Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution. | ||||
| CVE-2020-37160 | 1 Microsoft | 1 Windows | 2026-04-15 | 6.2 Medium |
| SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access. | ||||
| CVE-2020-37177 | 1 Weird Solutions | 1 Bootpturbo | 2026-04-15 | 7.5 High |
| BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain. | ||||