Search

Search Results (364170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-20946 1 Qibosoft 1 Qibosoft 2024-11-21 5.4 Medium
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
CVE-2020-20945 1 Qibosoft 1 Qibosoft 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
CVE-2020-20944 1 Qibosoft 1 Qibosoft 2024-11-21 9.1 Critical
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
CVE-2020-20943 1 Qibosoft 1 Qibosoft 2024-11-21 4.3 Medium
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
CVE-2020-20908 1 Akaunting 1 Akaunting 2024-11-21 5.4 Medium
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
CVE-2020-20907 2 Metinfo, Microsoft 2 Metinfo, Windows 2024-11-21 9.1 Critical
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
CVE-2020-20902 1 Ffmpeg 1 Ffmpeg 2024-11-21 6.5 Medium
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.
CVE-2020-20898 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2020-20896 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
CVE-2020-20892 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
CVE-2020-20891 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2020-20813 1 Openvpn 1 Openvpn 2024-11-21 7.5 High
Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.
CVE-2020-20808 1 Qibosoft 1 Qibosoft 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
CVE-2020-20800 1 Metinfo 1 Metinfo 2024-11-21 9.8 Critical
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
CVE-2020-20799 1 Jeecms 1 Jeecms 2024-11-21 5.4 Medium
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.
CVE-2020-20797 1 Flamecms Project 1 Flamecms 2024-11-21 9.8 Critical
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
CVE-2020-20796 1 Flamecms Project 1 Flamecms 2024-11-21 9.8 Critical
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.
CVE-2020-20781 1 Ucms Project 1 Ucms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
CVE-2020-20746 1 Tendacn 2 Ac9, Ac9 Firmware 2024-11-21 7.2 High
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
CVE-2020-20741 1 Beckhoff 1 Cx9020 2024-11-21 9.8 Critical
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.