Total
5451 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23219 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 8.8 High |
| Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | ||||
| CVE-2020-23037 | 1 Portable | 1 Playable | 2024-11-21 | 9.8 Critical |
| Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2020-22937 | 1 Phome | 1 Empirecms | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | ||||
| CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-11-21 | 9.8 Critical |
| Installer RCE on settings file write in MyBB before 1.8.22. | ||||
| CVE-2020-22201 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 8.8 High |
| phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. | ||||
| CVE-2020-22120 | 1 Txjia | 1 Imcat | 2024-11-21 | 8.8 High |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | ||||
| CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 9.8 Critical |
| phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | ||||
| CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | ||||
| CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | ||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.8 High |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | ||||
| CVE-2020-20601 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 9.8 Critical |
| An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2020-20298 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 9.8 Critical |
| Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | ||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | ||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 9.8 Critical |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | ||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2024-11-21 | 9.8 Critical |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | ||||
| CVE-2020-15865 | 1 Stimulsoft | 1 Reports | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server. | ||||
| CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2024-11-21 | 9.8 Critical |
| In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | ||||
| CVE-2020-15591 | 1 Uni-stuttgart | 1 Frams\' Fast File Exchange | 2024-11-21 | 9.8 Critical |
| fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | ||||
| CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
| Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | ||||
| CVE-2020-15348 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | ||||