Search

Search Results (363504 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-23044 1 Dedecms 1 Dedecms 2024-11-21 5.4 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-23043 1 Air Sender Project 1 Air Sender 2024-11-21 8.8 High
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.
CVE-2020-23042 1 Dropouts 1 Super Backup 2024-11-21 6.1 Medium
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23041 1 Dropouts 1 Air Share 2024-11-21 6.1 Medium
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23040 1 Sky File Project 1 Sky File 2024-11-21 7.5 High
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
CVE-2020-23039 1 Newsoftwares 1 Folder Lock 2024-11-21 5.4 Medium
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.
CVE-2020-23038 1 Kumilabs 1 Swift File Transfer 2024-11-21 7.5 High
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.
CVE-2020-23037 1 Portable 1 Playable 2024-11-21 9.8 Critical
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVE-2020-23036 1 Medianavi 1 Smacom 2024-11-21 5.9 Medium
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.
CVE-2020-23026 1 Dhrystone Project 1 Dhrystone 2024-11-21 7.5 High
A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).
CVE-2020-23015 1 Opnsense 1 Opnsense 2024-11-21 6.1 Medium
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
CVE-2020-23014 1 Apfell Project 1 Apfell 2024-11-21 5.4 Medium
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.
CVE-2020-22937 1 Phome 1 Empirecms 2024-11-21 9.8 Critical
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.
CVE-2020-22916 1 Tukaani 1 Xz 2024-11-21 5.5 Medium
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
CVE-2020-22907 1 Jsish 1 Jsish 2024-11-21 7.5 High
Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.
CVE-2020-22886 1 Artifex 1 Mujs 2024-11-21 7.5 High
Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.
CVE-2020-22885 1 Artifex 1 Mujs 2024-11-21 7.5 High
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.
CVE-2020-22884 1 Espruino 1 Espruino 2024-11-21 9.8 Critical
Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.
CVE-2020-22882 1 Moddable 1 Moddable 2024-11-21 7.5 High
Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.
CVE-2020-22876 1 Quickjs Project 1 Quickjs 2024-11-21 7.5 High
Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release.