Total
4818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | |||||
| CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | |||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | |||||
| CVE-2020-20601 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2020-1959 | 1 Apache | 1 Syncope | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code. | |||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | |||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | |||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | |||||
| CVE-2020-15817 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | |||||
| CVE-2020-15591 | 1 Uni-stuttgart | 1 Frams\' Fast File Exchange | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | |||||
| CVE-2020-15541 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. | |||||
| CVE-2020-15227 | 2 Debian, Nette | 2 Debian Linux, Application | 2024-11-21 | 7.5 HIGH | 8.7 HIGH |
| Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. | |||||
| CVE-2020-15150 | 1 Duffel | 1 Paginator | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
| There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5. | |||||
| CVE-2020-15142 | 1 Openapi-python-client Project | 1 Openapi-python-client | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. | |||||
| CVE-2020-14971 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. | |||||
| CVE-2020-13994 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | |||||
| CVE-2020-13144 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | |||||
| CVE-2020-12842 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. | |||||
| CVE-2020-12839 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. | |||||
| CVE-2020-12838 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. | |||||