Search Results (83918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36144 1 Redash 1 Redash 2024-11-21 5.3 Medium
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.
CVE-2020-36139 1 Bloofox 1 Bloofoxcms 2024-11-21 5.4 Medium
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
CVE-2020-36131 1 Aomedia 1 Aomedia 2024-11-21 8.8 High
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
CVE-2020-36129 1 Aomedia 1 Aomedia 2024-11-21 8.8 High
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
CVE-2020-36115 2 Egavilanmedia, Microsoft 2 Phpcrud, Windows 2024-11-21 5.4 Medium
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.
CVE-2020-36064 1 Online Course Registration Project 1 Online Course Registration 2024-11-21 9.8 Critical
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.
CVE-2020-36062 1 Phpgurukul 1 Dairy Farm Shop Management System 2024-11-21 9.8 Critical
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.
CVE-2020-36056 1 Beetel 2 777vr1, 777vr1 Firmware 2024-11-21 5.4 Medium
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option.
CVE-2020-36049 1 Socket 1 Socket.io-parser 2024-11-21 7.5 High
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
CVE-2020-36012 1 Bdtask 1 Multi-store 2024-11-21 4.8 Medium
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.
CVE-2020-36011 1 Qdocs 1 Smart Hospital 2024-11-21 4.8 Medium
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
CVE-2020-36007 1 Appcms 1 Appcms 2024-11-21 6.1 Medium
AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users.
CVE-2020-35987 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35986 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35985 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35984 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
CVE-2020-35979 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
CVE-2020-35973 1 Zzcms 1 Zzcms 2024-11-21 5.4 Medium
An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.
CVE-2020-35971 1 Yzmcms 1 Yzmcms 2024-11-21 5.4 Medium
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
CVE-2020-35965 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 High
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.