CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-30938 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress broadly allows Stored XSS. This issue affects Broadly for WordPress: ... | N/A | NONE | — | 0 |
| CVE-2020-7129 A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 7.2 | HIGH | — | 0 |
| CVE-2020-27690 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with ... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-27691 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-27692 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR... | 8.8 | HIGH | — | 0 |
| CVE-2020-26207 DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a w... | 8.0 | HIGH | — | 0 |
| CVE-2020-15950 Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. | 8.8 | HIGH | — | 0 |
| CVE-2020-25201 HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. | 7.5 | HIGH | — | 0 |
| CVE-2020-27387 An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP... | 8.8 | HIGH | — | 0 |
| CVE-2020-7761 This affects the package @absolunet/kafe before 3.2.10. It can cause a denial of service when validating crafted invalid emails. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-7762 This affects the package jsreport-chrome-pdf before 1.10.0. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-7763 This affects the package phantom-html-to-pdf before 0.6.1. | 7.5 | HIGH | — | 0 |
| CVE-2020-15949 Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. | 7.5 | HIGH | — | 0 |
| CVE-2025-30939 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS. This issue affects IFrame Widget: from n/a... | N/A | NONE | — | 0 |
| CVE-2020-15951 Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker co... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-15952 Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta... | 9.0 | CRITICAL | — | 0 |
| CVE-2020-24849 A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is poss... | 8.8 | HIGH | — | 0 |
| CVE-2020-27402 The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. | 7.8 | HIGH | — | 0 |
| CVE-2020-27688 RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method fr... | 7.5 | HIGH | — | 0 |
| CVE-2020-27955 Git LFS 2.12.0 allows Remote Code Execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-28047 AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitr... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-28115 SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | 8.8 | HIGH | — | 0 |
| CVE-2020-25398 CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. | 8.8 | HIGH | — | 0 |
| CVE-2020-25399 Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | 7.8 | HIGH | — | 0 |
| CVE-2020-26506 An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed f... | 4.3 | MEDIUM | — | 0 |
| CVE-2018-1725 IBM QRadar SIEM 7.3 and 7.4 in a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440. | 2.3 | LOW | — | 0 |
| CVE-2020-14222 HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a cra... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-20125 EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-26505 A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they op... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-4097 In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input par... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-26507 A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing for... | 7.8 | HIGH | — | 0 |
| CVE-2020-12145 Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by intro... | 6.6 | MEDIUM | — | 0 |
| CVE-2020-12146 In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the /debugFiles ... | 6.6 | MEDIUM | — | 0 |
| CVE-2020-5945 In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalatio... | 8.4 | HIGH | — | 0 |
| CVE-2020-12147 In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution RE... | 6.6 | MEDIUM | — | 0 |
| CVE-2020-13661 Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the p... | 8.8 | HIGH | — | 0 |
| CVE-2020-8267 A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-24426 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure... | 3.3 | LOW | — | 0 |
| CVE-2020-24431 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic ... | 4.4 | MEDIUM | — | 0 |
| CVE-2020-24427 Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that... | 3.3 | LOW | — | 0 |
| CVE-2020-24428 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vul... | 7.7 | HIGH | — | 0 |
| CVE-2020-24429 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in lo... | 7.7 | HIGH | — | 0 |
| CVE-2020-24430 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript... | 7.8 | HIGH | — | 0 |
| CVE-2020-5944 In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 ... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-24432 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper... | 6.7 | MEDIUM | — | 0 |
| CVE-2020-24433 Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enabl... | 7.8 | HIGH | — | 0 |
| CVE-2020-24434 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure... | 3.3 | LOW | — | 0 |
| CVE-2020-24435 Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm func... | 7.8 | HIGH | — | 0 |
| CVE-2020-21658 A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-24436 Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing pa... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.