Export limit exceeded: 10227 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10227 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35858 | 1 Prost Project | 1 Prost | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM). | ||||
| CVE-2020-35754 | 1 Opensolution | 2 Quick.cart, Quick.cms | 2024-11-21 | 7.2 High |
| OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab. | ||||
| CVE-2020-35734 | 1 Batflat | 1 Batflat | 2024-11-21 | 7.2 High |
| Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35717 | 1 Electronjs | 1 Zonote | 2024-11-21 | 9.0 Critical |
| zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). | ||||
| CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 8.8 High |
| An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. | ||||
| CVE-2020-35489 | 1 Rocklobster | 1 Contact Form 7 | 2024-11-21 | 10.0 Critical |
| The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | ||||
| CVE-2020-35476 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | ||||
| CVE-2020-35370 | 1 Raysync | 1 Raysync | 2024-11-21 | 8.8 High |
| A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. | ||||
| CVE-2020-35339 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | ||||
| CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | ||||
| CVE-2020-35235 | 1 Themexa | 1 Secure File Manager | 2024-11-21 | 8.8 High |
| vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.2 High |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | ||||
| CVE-2020-2211 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 8.8 High |
| Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2189 | 1 Jenkins | 1 Source Code Management Filter Jervis | 2024-11-21 | 8.8 High |
| Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2180 | 1 Jenkins | 1 Amazon Web Services Serverless Application Model | 2024-11-21 | 8.8 High |
| Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2179 | 1 Jenkins | 1 Yaml Axis | 2024-11-21 | 8.8 High |
| Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2024-11-21 | 8.8 High |
| Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2167 | 2 Jenkins, Redhat | 2 Openshift Pipeline, Openshift | 2024-11-21 | 8.8 High |
| Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2166 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 8.8 High |
| Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2158 | 1 Jenkins | 1 Literate | 2024-11-21 | 8.8 High |
| Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||