Total
4800 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-28502 | 1 Xmlhttprequest Project | 1 Xmlhttprequest | 2024-11-21 | 8.1 High |
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run. | ||||
CVE-2020-28464 | 1 Djv Project | 1 Djv | 2024-11-21 | 9.8 Critical |
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine. | ||||
CVE-2020-28367 | 2 Golang, Redhat | 4 Go, Devtools, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | ||||
CVE-2020-28366 | 4 Fedoraproject, Golang, Netapp and 1 more | 7 Fedora, Go, Cloud Insights Telegraf Agent and 4 more | 2024-11-21 | 7.5 High |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | ||||
CVE-2020-26238 | 2 Cron-utils Project, Redhat | 4 Cron-utils, Camel Quarkus, Integration and 1 more | 2024-11-21 | 7.9 High |
Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3. | ||||
CVE-2020-26124 | 1 Openmediavault | 1 Openmediavault | 2024-11-21 | 8.8 High |
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. | ||||
CVE-2020-25557 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 8.8 High |
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when the attacker logs in to the application, the attacker's code will be run. As a result of this vulnerability, an authenticated user can run commands on the server. | ||||
CVE-2020-25538 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 8.8 High |
An authenticated attacker can inject malicious code into the "lang" parameter in the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, the attacker can take over control of the server. | ||||
CVE-2020-24628 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2024-11-21 | 8.8 High |
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 prior to 2.8.3. | ||||
CVE-2020-23219 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 8.8 High |
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | ||||
CVE-2020-23037 | 1 Portable | 1 Playable | 2024-11-21 | 9.8 Critical |
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
CVE-2020-22937 | 1 Phome | 1 Empirecms | 2024-11-21 | 9.8 Critical |
A remote code execution (RCE) vulnerability in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | ||||
CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-11-21 | 9.8 Critical |
Installer RCE on settings file write in MyBB before 1.8.22. | ||||
CVE-2020-22201 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 8.8 High |
phpCMS 2008 sp4 allows remote malicious users to execute arbitrary PHP commands via the pagesize parameter to yp/product.php. | ||||
CVE-2020-22120 | 1 Txjia | 1 Imcat | 2024-11-21 | 8.8 High |
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | ||||
CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 9.8 Critical |
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | ||||
CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | ||||
CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | ||||
CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.8 High |
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | ||||
CVE-2020-20601 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 9.8 Critical |
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. |