| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2020-19000 | Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary... | E | |
| CVE-2020-19001 | Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system c... | E | |
| CVE-2020-19002 | Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via... | E | |
| CVE-2020-19003 | An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins ... | E | |
| CVE-2020-19005 | zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other una... | S | |
| CVE-2020-19007 | Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The j... | E | |
| CVE-2020-19028 | *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access t... | E | |
| CVE-2020-19037 | Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrpt... | E | |
| CVE-2020-19038 | File Deletion vulnerability in Halo 0.4.3 via delBackup.... | E | |
| CVE-2020-19042 | Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.ph... | E | |
| CVE-2020-19046 | Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the c... | E | |
| CVE-2020-19047 | Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code ... | E | |
| CVE-2020-19048 | Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or... | E | |
| CVE-2020-19049 | Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or... | E | |
| CVE-2020-19107 | SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which... | E | |
| CVE-2020-19108 | SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, whi... | E | |
| CVE-2020-19109 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, ... | E | |
| CVE-2020-19110 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php paramet... | | |
| CVE-2020-19111 | Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could l... | E | |
| CVE-2020-19112 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php... | E | |
| CVE-2020-19113 | Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to re... | E | |
| CVE-2020-19114 | SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, ... | E | |
| CVE-2020-19118 | Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/ini... | E | |
| CVE-2020-19131 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImag... | E S | |
| CVE-2020-19137 | Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text l... | E S | |
| CVE-2020-19138 | Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers ... | E S | |
| CVE-2020-19142 | iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX paramete... | E | |
| CVE-2020-19143 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetFi... | S | |
| CVE-2020-19144 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFme... | S | |
| CVE-2020-19146 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive... | E | |
| CVE-2020-19147 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive... | E | |
| CVE-2020-19148 | Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbit... | E | |
| CVE-2020-19150 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive... | E | |
| CVE-2020-19151 | Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code... | E | |
| CVE-2020-19154 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive... | E | |
| CVE-2020-19155 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive... | E | |
| CVE-2020-19156 | Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via t... | E | |
| CVE-2020-19157 | Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via t... | E | |
| CVE-2020-19158 | Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute ar... | | |
| CVE-2020-19159 | Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code v... | E | |
| CVE-2020-19165 | PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.... | E | |
| CVE-2020-19185 | Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 ... | E | |
| CVE-2020-19186 | Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allo... | E | |
| CVE-2020-19187 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows... | E | |
| CVE-2020-19188 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows... | E | |
| CVE-2020-19189 | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses... | E | |
| CVE-2020-19190 | Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote... | E | |
| CVE-2020-19199 | A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=sa... | E | |
| CVE-2020-19201 | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in t... | E | |
| CVE-2020-19202 | An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via th... | E M | |
| CVE-2020-19203 | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_w... | | |
| CVE-2020-19204 | An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFi... | S | |
| CVE-2020-19212 | SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to del... | E | |
| CVE-2020-19213 | SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_ca... | E | |
| CVE-2020-19215 | SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to ... | E | |
| CVE-2020-19216 | SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to ... | E | |
| CVE-2020-19217 | SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category par... | E | |
| CVE-2020-19228 | An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to... | E | |
| CVE-2020-19229 | Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version... | E | |
| CVE-2020-19248 | SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a ... | E | |
| CVE-2020-19263 | A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user p... | E | |
| CVE-2020-19264 | A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via i... | E | |
| CVE-2020-19265 | A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of ... | E | |
| CVE-2020-19266 | A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList componen... | E | |
| CVE-2020-19267 | An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary... | E | |
| CVE-2020-19268 | A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenti... | E | |
| CVE-2020-19274 | A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message b... | E | |
| CVE-2020-19275 | An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters ... | E | |
| CVE-2020-19277 | Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to exec... | E | |
| CVE-2020-19278 | Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker t... | E | |
| CVE-2020-19279 | Directory Traversal vulnerability found in B3log Wide allows a an attacker to escalate privileges vi... | | |
| CVE-2020-19280 | Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privile... | E | |
| CVE-2020-19281 | A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1... | E | |
| CVE-2020-19282 | A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arb... | E | |
| CVE-2020-19283 | A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 al... | E | |
| CVE-2020-19284 | A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 al... | E | |
| CVE-2020-19285 | A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allo... | E | |
| CVE-2020-19286 | A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 ... | E | |
| CVE-2020-19287 | A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allow... | E | |
| CVE-2020-19288 | A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allo... | E | |
| CVE-2020-19289 | A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1... | E | |
| CVE-2020-19290 | A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 al... | E | |
| CVE-2020-19291 | A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.... | E | |
| CVE-2020-19292 | A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 all... | E | |
| CVE-2020-19293 | A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allo... | E | |
| CVE-2020-19294 | A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 ... | E | |
| CVE-2020-19295 | A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 a... | E | |
| CVE-2020-19301 | A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute ... | E | |
| CVE-2020-19302 | An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attac... | E | |
| CVE-2020-19303 | An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute a... | E | |
| CVE-2020-19304 | An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to... | E | |
| CVE-2020-19305 | An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter... | E | |
| CVE-2020-19316 | OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.... | E S | |
| CVE-2020-19318 | Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and... | E | |
| CVE-2020-19319 | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.... | E | |
| CVE-2020-19320 | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.... | E | |
| CVE-2020-19323 | An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buff... | E | |
| CVE-2020-19360 | Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attac... | E | |
| CVE-2020-19361 | Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an att... | E | |
| CVE-2020-19362 | Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in ... | E | |
| CVE-2020-19363 | Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries a... | E | |
| CVE-2020-19364 | OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /... | E | |
| CVE-2020-19417 | Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account ... | E | |
| CVE-2020-19419 | Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to ob... | E | |
| CVE-2020-19447 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php v... | | |
| CVE-2020-19450 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdown... | | |
| CVE-2020-19451 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdown... | | |
| CVE-2020-19455 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/he... | | |
| CVE-2020-19463 | An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denia... | E | |
| CVE-2020-19464 | An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a De... | E | |
| CVE-2020-19465 | An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers t... | E | |
| CVE-2020-19466 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attack... | E | |
| CVE-2020-19467 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attack... | E | |
| CVE-2020-19468 | An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to c... | E | |
| CVE-2020-19469 | An issue has been found in function DCTStream::reset in PDF2JSON 0.70 that allows attackers to cause... | E S | |
| CVE-2020-19470 | An issue has been found in function DCTStream::getChar in PDF2JSON 0.70 that allows attackers to cau... | E S | |
| CVE-2020-19471 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to... | E S | |
| CVE-2020-19472 | An issue has been found in function DCTStream::readHuffSym in PDF2JSON 0.70 that allows attackers to... | E S | |
| CVE-2020-19473 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to... | E S | |
| CVE-2020-19474 | An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 that allows attackers to cause ... | E S | |
| CVE-2020-19475 | An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers ... | E S | |
| CVE-2020-19481 | An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memo... | E S | |
| CVE-2020-19488 | An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a De... | E S | |
| CVE-2020-19490 | tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to... | E S | |
| CVE-2020-19491 | There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. ... | E S | |
| CVE-2020-19492 | There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4.... | E S | |
| CVE-2020-19497 | Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Lib... | E S | |
| CVE-2020-19498 | Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial o... | E S | |
| CVE-2020-19499 | An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to caus... | E S | |
| CVE-2020-19500 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
| CVE-2020-19510 | Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.p... | E | |
| CVE-2020-19511 | Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fiel... | E | |
| CVE-2020-19513 | Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary cod... | E | |
| CVE-2020-19515 | qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.... | E | |
| CVE-2020-19527 | iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME param... | E | |
| CVE-2020-19547 | Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php.... | E | |
| CVE-2020-19551 | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when ... | E | |
| CVE-2020-19553 | Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config ... | E | |
| CVE-2020-19554 | Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API ke... | | |
| CVE-2020-19559 | An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary co... | E | |
| CVE-2020-19586 | Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to esc... | E | |
| CVE-2020-19587 | Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence ... | E | |
| CVE-2020-19595 | Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username.... | E | |
| CVE-2020-19596 | Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.... | E | |
| CVE-2020-19609 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function wh... | E S | |
| CVE-2020-19611 | Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to in... | S | |
| CVE-2020-19613 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunk... | E | |
| CVE-2020-19616 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.... | E | |
| CVE-2020-19617 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.... | E | |
| CVE-2020-19618 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.... | E | |
| CVE-2020-19619 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.... | E | |
| CVE-2020-19625 | Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, ... | E | |
| CVE-2020-19626 | Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbit... | E S | |
| CVE-2020-19639 | Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1... | | |
| CVE-2020-19640 | An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticat... | E | |
| CVE-2020-19641 | An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated at... | E | |
| CVE-2020-19642 | An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker... | E | |
| CVE-2020-19643 | Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B ... | E | |
| CVE-2020-19660 | Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via cra... | S | |
| CVE-2020-19664 | DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA act... | E | |
| CVE-2020-19667 | Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.... | E | |
| CVE-2020-19668 | Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif... | E | |
| CVE-2020-19669 | Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin accoun... | E | |
| CVE-2020-19670 | In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing adminis... | E | |
| CVE-2020-19672 | Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the backgro... | E | |
| CVE-2020-19676 | Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get th... | E | |
| CVE-2020-19678 | Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 ... | E S | |
| CVE-2020-19682 | A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton ... | E | |
| CVE-2020-19683 | A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.... | E | |
| CVE-2020-19692 | Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitr... | E | |
| CVE-2020-19693 | An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFun... | E S | |
| CVE-2020-19695 | Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_ob... | E S | |
| CVE-2020-19697 | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to exe... | E | |
| CVE-2020-19698 | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to exe... | E | |
| CVE-2020-19699 | Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execu... | E | |
| CVE-2020-19703 | A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attacke... | E | |
| CVE-2020-19704 | A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin a... | E | |
| CVE-2020-19705 | thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.... | E | |
| CVE-2020-19709 | Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary... | E | |
| CVE-2020-19715 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13110 Reason: This candidate... | R | |
| CVE-2020-19716 | A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a den... | | |
| CVE-2020-19717 | An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL poin... | E | |
| CVE-2020-19718 | An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer ... | E | |
| CVE-2020-19719 | A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (... | E | |
| CVE-2020-19720 | An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL poin... | E | |
| CVE-2020-19721 | A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bou... | E | |
| CVE-2020-19722 | An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy t... | E | |
| CVE-2020-19724 | A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attack... | E | |
| CVE-2020-19725 | There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs whe... | E S | |
| CVE-2020-19726 | An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attac... | E | |
| CVE-2020-19750 | An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffe... | E S | |
| CVE-2020-19751 | An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-ba... | E S | |
| CVE-2020-19752 | The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.... | E S | |
| CVE-2020-19762 | Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute an... | E | |
| CVE-2020-19765 | An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attacke... | E | |
| CVE-2020-19766 | The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large num... | E | |
| CVE-2020-19767 | A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attack... | E | |
| CVE-2020-19768 | A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers ... | E | |
| CVE-2020-19769 | A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers ... | E | |
| CVE-2020-19770 | A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allo... | E | |
| CVE-2020-19778 | Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "... | E | |
| CVE-2020-19786 | File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritr... | E | |
| CVE-2020-19802 | File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrar... | | |
| CVE-2020-19803 | Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to e... | | |
| CVE-2020-19821 | A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL ... | E | |
| CVE-2020-19822 | A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attack... | E | |
| CVE-2020-19824 | An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program... | E | |
| CVE-2020-19825 | Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownEx... | S | |
| CVE-2020-19850 | An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a g... | E S | |
| CVE-2020-19853 | BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.... | E | |
| CVE-2020-19855 | phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.... | E | |
| CVE-2020-19858 | Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote att... | S | |
| CVE-2020-19860 | When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap o... | E S | |
| CVE-2020-19861 | When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the l... | E | |
| CVE-2020-19877 | DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in d... | E | |
| CVE-2020-19878 | DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control... | E | |
| CVE-2020-19879 | DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] v... | E | |
| CVE-2020-19880 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in... | E | |
| CVE-2020-19881 | DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.sel... | E | |
| CVE-2020-19882 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_desc... | E | |
| CVE-2020-19883 | DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.... | E | |
| CVE-2020-19884 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\... | E | |
| CVE-2020-19885 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['p... | E | |
| CVE-2020-19886 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=... | E | |
| CVE-2020-19887 | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['p... | E | |
| CVE-2020-19888 | DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line ... | E | |
| CVE-2020-19889 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 ... | E | |
| CVE-2020-19890 | DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is... | E | |
| CVE-2020-19891 | DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatef... | E | |
| CVE-2020-19896 | File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code vi... | E S | |
| CVE-2020-19897 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitra... | E | |
| CVE-2020-19902 | Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execu... | E | |
| CVE-2020-19907 | A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenti... | E | |
| CVE-2020-19909 | Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay... | S | |
| CVE-2020-19914 | Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script... | E | |
| CVE-2020-19915 | Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.... | E | |
| CVE-2020-19924 | In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.... | E | |
| CVE-2020-19947 | Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitr... | E | |
| CVE-2020-19949 | A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows att... | E | |
| CVE-2020-19950 | A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows a... | E | |
| CVE-2020-19951 | A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to ... | E | |
| CVE-2020-19952 | Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252... | E S | |
| CVE-2020-19954 | An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allo... | E | |
| CVE-2020-19957 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to r... | E | |
| CVE-2020-19959 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to r... | E | |
| CVE-2020-19960 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to r... | E | |
| CVE-2020-19961 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to r... | E | |
| CVE-2020-19962 | A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.p... | E | |
| CVE-2020-19964 | A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attac... | E |