CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43213 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-19881	1 Dbhcms Project	1 Dbhcms	2024-11-21	4.8 Medium
DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
CVE-2020-19880	1 Dbhcms Project	1 Dbhcms	2024-11-21	6.1 Medium
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users.
CVE-2020-19879	1 Dbhcms Project	1 Dbhcms	2024-11-21	6.1 Medium
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,
CVE-2020-19855	1 Phpwcms	1 Phpwcms	2024-11-21	6.1 Medium
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
CVE-2020-19762	1 Carrier	1 Webctrl System	2024-11-21	6.1 Medium
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.
CVE-2020-19709	1 Feehi	1 Feehicms	2024-11-21	6.1 Medium
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload.
CVE-2020-19704	1 Spring-boot-admin Project	1 Spring-boot-admin	2024-11-21	5.4 Medium
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19703	1 Dzzoffice	1 Dzzoffice	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-19683	1 Zzzcms	1 Zzzcms	2024-11-21	5.4 Medium
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.
CVE-2020-19643	1 Insma	2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
CVE-2020-19626	1 Craftcms	1 Craft Cms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
CVE-2020-19619	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19618	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19617	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVE-2020-19616	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVE-2020-19611	1 Racktables Project	1 Racktables	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
CVE-2020-19587	1 Idera	1 Yellowfin Business Intelligence	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.
CVE-2020-19586	1 Yellowfinbi	1 Business Intelligence	2024-11-21	9.0 Critical
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.
CVE-2020-19554	1 Manageengine	1 Opmanager	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
CVE-2020-19553	1 Wuzhicms	1 Wuzhicms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.

« first previous Page 1799 of 2161. next last »