CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359347 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-19642	1 Insma	2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware	2024-11-21	6.2 Medium
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card.
CVE-2020-19641	1 Insma	2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware	2024-11-21	8.8 High
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'.
CVE-2020-19640	1 Insma	2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware	2024-11-21	7.5 High
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'.
CVE-2020-19639	1 Insma	2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.
CVE-2020-19626	1 Craftcms	1 Craft Cms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
CVE-2020-19625	1 Gridx Project	1 Gridx	2024-11-21	9.8 Critical
Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
CVE-2020-19619	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19618	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19617	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVE-2020-19616	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVE-2020-19613	1 Flycms Project	1 Flycms	2024-11-21	7.5 High
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
CVE-2020-19611	1 Racktables Project	1 Racktables	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
CVE-2020-19609	2 Artifex, Debian	2 Mupdf, Debian Linux	2024-11-21	5.5 Medium
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
CVE-2020-19596	1 Coreftp	1 Core Ftp	2024-11-21	9.8 Critical
Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.
CVE-2020-19595	1 Coreftp	1 Core Ftp	2024-11-21	7.5 High
Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username.
CVE-2020-19587	1 Idera	1 Yellowfin Business Intelligence	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.
CVE-2020-19586	1 Yellowfinbi	1 Business Intelligence	2024-11-21	9.0 Critical
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.
CVE-2020-19559	1 Dieboldnixdorf	1 Agilis Xfs For Opteva	2024-11-21	9.8 Critical
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter.
CVE-2020-19554	1 Manageengine	1 Opmanager	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
CVE-2020-19553	1 Wuzhicms	1 Wuzhicms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.

« first previous Page 14944 of 17968. next last »