Search Results (343250 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36983 | 2 Pablo Software Solutions, Pablosoftwaresolutions | 2 Quick N Easy Ftp Server, Quick 'n Easy Web Server | 2026-04-07 | 7.8 High |
| Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart. | ||||
| CVE-2020-36975 | 1 Epson | 1 Status Monitor 3 | 2026-04-07 | 7.8 High |
| EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36967 | 1 Zortam | 1 Mp3 Media Studio | 2026-04-07 | 9.8 Critical |
| Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system. | ||||
| CVE-2020-36963 | 1 Intelbras | 1 Rf 301k | 2026-04-07 | 7.5 High |
| Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication. | ||||
| CVE-2020-36956 | 1 Igniterealtime | 1 Openfire | 2026-04-07 | 6.4 Medium |
| Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page. | ||||
| CVE-2020-36953 | 1 Minitool | 1 Shadowmaker | 2026-04-07 | 7.8 High |
| MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36952 | 1 Iobit | 2 Iobit Unlocker, Uninstaller | 2026-04-07 | 7.8 High |
| IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup. | ||||
| CVE-2020-36950 | 1 Laravel | 1 Laravel Nova | 2026-04-07 | 6.5 Medium |
| Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server. | ||||
| CVE-2020-36946 | 1 Flexense | 1 Syncbreeze | 2026-04-07 | 7.5 High |
| SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability. | ||||
| CVE-2020-36939 | 1 Avalanche123 | 1 Cassandra Web | 2026-04-07 | 7.5 High |
| Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials. | ||||
| CVE-2020-36932 | 1 Seacms | 1 Seacms | 2026-04-07 | 6.1 Medium |
| SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded. | ||||
| CVE-2020-36926 | 1 Smartertools | 2 Smartermail, Smartertrack | 2026-04-07 | 7.5 High |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | ||||
| CVE-2020-36894 | 1 Eibiz | 1 I-media Server Digital Signage | 2026-04-07 | 7.5 High |
| Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls. | ||||
| CVE-2020-36892 | 1 Eibiz | 1 I-media Server Digital Signage | 2026-04-07 | 9.8 Critical |
| Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication. | ||||
| CVE-2020-36880 | 2 Flexense, Flexsense | 2 Diskboss, Diskboss | 2026-04-07 | 7.8 High |
| Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system. | ||||
| CVE-2020-36878 | 1 Request | 1 Serious Play | 2026-04-07 | N/A |
| ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources. | ||||
| CVE-2020-36877 | 1 Request | 1 Serious Play Pro | 2026-04-07 | N/A |
| ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server. | ||||
| CVE-2020-36876 | 1 Request Serious Play | 2 Request Serious Play, Request Serious Play Pro | 2026-04-07 | N/A |
| ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allow unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page. | ||||
| CVE-2020-36872 | 1 Bacnet Test | 1 Test Server | 2026-04-07 | N/A |
| BACnet Test Server versions up to and including 1.01 contain a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service. | ||||
| CVE-2020-36871 | 1 Escam | 1 Qd-900 Wifi Hd Camera | 2026-04-07 | N/A |
| ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network. | ||||