Search Results (364098 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-20697 1 Nodcms 1 Nodcms 2024-12-10 4.8 Medium
Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter.
CVE-2020-20636 1 Joyplus-cms Project 1 Joyplus-cms 2024-12-10 7.5 High
SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function.
CVE-2020-20502 1 Yzmcms 1 Yzmcms 2024-12-10 6.5 Medium
Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function.
CVE-2023-29181 1 Fortinet 3 Fortios, Fortipam, Fortiproxy 2024-12-10 8.3 High
A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command.
CVE-2024-42494 1 Ruijienetworks 1 Reyee Os 2024-12-10 6.5 Medium
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services
CVE-2024-47043 2 Ruijie, Ruijienetworks 2 Reyee Os, Reyee Os 2024-12-10 7.5 High
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.
CVE-2024-46907 1 Progress 1 Whatsup Gold 2024-12-10 8.8 High
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVE-2024-46908 1 Progress 1 Whatsup Gold 2024-12-10 8.8 High
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVE-2024-54936 1 Lopalopa 1 E-learning Management System 2024-12-10 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVE-2024-54919 1 Lopalopa 1 E-learning Management System 2024-12-10 5.4 Medium
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
CVE-2020-21052 1 Zrlog 1 Zrlog 2024-12-10 6.1 Medium
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.
CVE-2020-20919 1 Pluck-cms 1 Pluck 2024-12-10 7.2 High
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.
CVE-2020-20918 1 Pluck-cms 1 Pluck 2024-12-10 7.2 High
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
CVE-2020-20735 1 8cms 1 Ljcms 2024-12-10 9.8 Critical
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
CVE-2020-20718 1 Pluck-cms 1 Pluckcms 2024-12-10 9.8 Critical
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
CVE-2020-20703 1 Vim 1 Vim 2024-12-10 9.8 Critical
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.
CVE-2024-46909 1 Progress 1 Whatsup Gold 2024-12-10 9.8 Critical
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
CVE-2023-50303 1 Ibm 1 Infosphere Information Server 2024-12-10 6.1 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.
CVE-2022-48611 1 Apple 1 Itunes 2024-12-10 7.8 High
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
CVE-2023-33843 1 Ibm 1 Infosphere Information Server 2024-12-10 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544.