Search Results

Search Parameters:
  • Results Type: Overview
  • CVSS Version: 3
  • CVSS V3 Metrics: AV:N
  • CVSS V3 Severity: Critical (9-10)
There are 10,003 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-8521

SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql

Published: July 07, 2020; 4:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-8520

SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql

Published: July 07, 2020; 4:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-8519

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql

Published: July 07, 2020; 4:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-20896

WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.

Published: July 07, 2020; 3:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-15506

An Authentication Bypass vulnerability in MobileIron Core and Connector versions 10.6 and earlier that allows remote attackers to bypass authentication mechanisms via unspecified vectors.

Published: July 06, 2020; 10:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-15505

A remote code execution vulnerability in MobileIron Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

Published: July 06, 2020; 10:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-15541

SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.

Published: July 05, 2020; 6:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-15540

We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page.

Published: July 05, 2020; 12:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-14172

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1.

Published: July 02, 2020; 10:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-4074

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.

Published: July 02, 2020; 1:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-14092

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.

Published: July 02, 2020; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-3297

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the hijacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.

Published: July 02, 2020; 1:15:11 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-15490

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)

Published: July 01, 2020; 5:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-15489

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.

Published: July 01, 2020; 5:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-14057

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.

Published: July 01, 2020; 1:15:14 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-14056

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.

Published: July 01, 2020; 1:15:13 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-13619

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution.

Published: July 01, 2020; 1:15:13 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Published: July 01, 2020; 11:15:15 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-5901

In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.

Published: July 01, 2020; 11:15:15 AM -0400
V3.1: 9.6 CRITICAL
V2.0: 9.3 HIGH
CVE-2020-13382

openSIS through 7.4 has Incorrect Access Control.

Published: July 01, 2020; 11:15:13 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM