Total
5583 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35734 | 1 Batflat | 1 Batflat | 2024-11-21 | 7.2 High |
| Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35339 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | ||||
| CVE-2020-35149 | 2 Mquery Project, Redhat | 2 Mquery, Acm | 2024-11-21 | 5.3 Medium |
| lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation. | ||||
| CVE-2020-35131 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 9.8 Critical |
| Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. | ||||
| CVE-2020-2135 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 8.8 High |
| Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | ||||
| CVE-2020-28905 | 1 Nagios | 1 Fusion | 2024-11-21 | 8.8 High |
| Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. | ||||
| CVE-2020-28870 | 1 Inoideas | 1 Inoerp | 2024-11-21 | 9.8 Critical |
| In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | ||||
| CVE-2020-28502 | 1 Xmlhttprequest Project | 1 Xmlhttprequest | 2024-11-21 | 8.1 High |
| This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run. | ||||
| CVE-2020-28464 | 1 Djv Project | 1 Djv | 2024-11-21 | 9.8 Critical |
| This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine. | ||||
| CVE-2020-28367 | 2 Golang, Redhat | 4 Go, Devtools, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | ||||
| CVE-2020-28366 | 4 Fedoraproject, Golang, Netapp and 1 more | 7 Fedora, Go, Cloud Insights Telegraf Agent and 4 more | 2024-11-21 | 7.5 High |
| Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | ||||
| CVE-2020-26238 | 2 Cron-utils Project, Redhat | 4 Cron-utils, Camel Quarkus, Integration and 1 more | 2024-11-21 | 7.9 High |
| Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3. | ||||
| CVE-2020-26124 | 1 Openmediavault | 1 Openmediavault | 2024-11-21 | 8.8 High |
| openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. | ||||
| CVE-2020-25557 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 8.8 High |
| In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server. | ||||
| CVE-2020-25538 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 8.8 High |
| An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server. | ||||
| CVE-2020-24628 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2024-11-21 | 8.8 High |
| A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | ||||
| CVE-2020-23219 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 8.8 High |
| Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | ||||
| CVE-2020-23037 | 1 Portable | 1 Playable | 2024-11-21 | 9.8 Critical |
| Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2020-22937 | 1 Phome | 1 Empirecms | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | ||||
| CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-11-21 | 9.8 Critical |
| Installer RCE on settings file write in MyBB before 1.8.22. | ||||