Total
5223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22937 | 1 Phome | 1 Empirecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | |||||
| CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Installer RCE on settings file write in MyBB before 1.8.22. | |||||
| CVE-2020-22201 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. | |||||
| CVE-2020-22120 | 1 Txjia | 1 Imcat | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | |||||
| CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | |||||
| CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | |||||
| CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | |||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | |||||
| CVE-2020-20601 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2020-20298 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | |||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | |||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | |||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | |||||
| CVE-2020-15865 | 1 Stimulsoft | 1 Reports | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server. | |||||
| CVE-2020-15591 | 1 Uni-stuttgart | 1 Frams\' Fast File Exchange | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | |||||
| CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | |||||
| CVE-2020-15348 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | |||||
| CVE-2020-15227 | 2 Debian, Nette | 2 Debian Linux, Application | 2024-11-21 | 7.5 HIGH | 8.7 HIGH |
| Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. | |||||
| CVE-2020-15150 | 1 Duffel | 1 Paginator | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
| There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5. | |||||
| CVE-2020-15142 | 1 Openapi-python-client Project | 1 Openapi-python-client | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. | |||||