Export limit exceeded: 342973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36953 | 1 Minitool | 1 Shadowmaker | 2026-04-07 | 7.8 High |
| MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36952 | 1 Iobit | 2 Iobit Unlocker, Uninstaller | 2026-04-07 | 7.8 High |
| IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup. | ||||
| CVE-2020-36950 | 1 Laravel | 1 Laravel Nova | 2026-04-07 | 6.5 Medium |
| Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server. | ||||
| CVE-2020-36946 | 1 Flexense | 1 Syncbreeze | 2026-04-07 | 7.5 High |
| SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability. | ||||
| CVE-2020-36939 | 1 Avalanche123 | 1 Cassandra Web | 2026-04-07 | 7.5 High |
| Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials. | ||||
| CVE-2020-36932 | 1 Seacms | 1 Seacms | 2026-04-07 | 6.1 Medium |
| SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded. | ||||
| CVE-2020-36926 | 1 Smartertools | 2 Smartermail, Smartertrack | 2026-04-07 | 7.5 High |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | ||||
| CVE-2020-36894 | 1 Eibiz | 1 I-media Server Digital Signage | 2026-04-07 | 7.5 High |
| Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls. | ||||
| CVE-2020-36892 | 1 Eibiz | 1 I-media Server Digital Signage | 2026-04-07 | 9.8 Critical |
| Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication. | ||||
| CVE-2020-36880 | 2 Flexense, Flexsense | 2 Diskboss, Diskboss | 2026-04-07 | 7.8 High |
| Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system. | ||||
| CVE-2020-36878 | 1 Request | 1 Serious Play | 2026-04-07 | N/A |
| ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources. | ||||
| CVE-2020-36877 | 1 Request | 1 Serious Play Pro | 2026-04-07 | N/A |
| ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server. | ||||
| CVE-2020-36876 | 1 Request Serious Play | 2 Request Serious Play, Request Serious Play Pro | 2026-04-07 | N/A |
| ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page. | ||||
| CVE-2020-36872 | 1 Bacnet Test | 1 Test Server | 2026-04-07 | N/A |
| BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service. | ||||
| CVE-2020-36871 | 1 Escam | 1 Qd-900 Wifi Hd Camera | 2026-04-07 | N/A |
| ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network. | ||||
| CVE-2019-25507 | 1 Ashopsoftware | 1 Ashop Shopping Cart Software | 2026-04-07 | 8.2 High |
| Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection to extract sensitive database information. | ||||
| CVE-2019-25506 | 2 Freesms, Freesms Project | 2 Freesms, Freesms | 2026-04-07 | 8.2 High |
| FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handler.php?method=login to authenticate as any known user and subsequently modify their password via the profile update function. | ||||
| CVE-2019-25505 | 1 Bdtask | 1 Tradebox | 2026-04-07 | 7.1 High |
| Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information. | ||||
| CVE-2019-25504 | 1 Ncrypted | 1 Ncrypted Jobgator | 2026-04-07 | 8.2 High |
| NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract sensitive database information. | ||||
| CVE-2019-25503 | 1 Blondish | 1 Phpads | 2026-04-07 | 7.1 High |
| PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name. | ||||