Total
5172 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-22201 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 8.8 High |
| phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. | ||||
| CVE-2020-22120 | 1 Txjia | 1 Imcat | 2024-11-21 | 8.8 High |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | ||||
| CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 9.8 Critical |
| phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | ||||
| CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | ||||
| CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | ||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.8 High |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | ||||
| CVE-2020-20601 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 9.8 Critical |
| An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2020-20298 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 9.8 Critical |
| Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | ||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | ||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 9.8 Critical |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | ||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2024-11-21 | 9.8 Critical |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | ||||
| CVE-2020-15865 | 1 Stimulsoft | 1 Reports | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server. | ||||
| CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2024-11-21 | 9.8 Critical |
| In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | ||||
| CVE-2020-15591 | 1 Uni-stuttgart | 1 Frams\' Fast File Exchange | 2024-11-21 | 9.8 Critical |
| fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | ||||
| CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
| Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | ||||
| CVE-2020-15348 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | ||||
| CVE-2020-15252 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 8.5 High |
| In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6. | ||||
| CVE-2020-15227 | 2 Debian, Nette | 2 Debian Linux, Application | 2024-11-21 | 8.7 High |
| Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. | ||||
| CVE-2020-15171 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 6.6 Medium |
| In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users. | ||||
| CVE-2020-15167 | 1 Johnkerl | 1 Miller | 2024-11-21 | 8.2 High |
| In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1. | ||||