The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-18477 | SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | MEDIUM | Aug 27, 2021 |
| CVE-2020-18494 | Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | -- | Aug 22, 2023 |
| CVE-2020-18544 | SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the username parameter in the component chkuser.php. | HIGH | Jul 14, 2021 |
| CVE-2020-18568 | The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | HIGH | Feb 4, 2021 |
| CVE-2020-18646 | Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component /public/index.php. | MEDIUM | Jun 24, 2021 |
| CVE-2020-18647 | Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component /nonecms/vendor. | MEDIUM | Jun 24, 2021 |
| CVE-2020-18648 | Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component JuQingCMS_v1.0/admin/index.php?c=administrator&a=add. | MEDIUM | Jun 24, 2021 |
| CVE-2020-18651 | Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. | -- | Aug 22, 2023 |
| CVE-2020-18652 | Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. | -- | Aug 22, 2023 |
| CVE-2020-18654 | Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the Title parameter in the component /coreframe/app/guestbook/myissue.php. | MEDIUM | Jun 24, 2021 |
| CVE-2020-18657 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. | MEDIUM | Jun 23, 2021 |
| CVE-2020-18658 | Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. | MEDIUM | Jun 25, 2021 |
| CVE-2020-18659 | Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php | MEDIUM | Jun 25, 2021 |
| CVE-2020-18660 | GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. | MEDIUM | Jun 23, 2021 |
| CVE-2020-18661 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. | MEDIUM | Jun 24, 2021 |
| CVE-2020-18662 | SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. | HIGH | Jun 24, 2021 |
| CVE-2020-18663 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php. | MEDIUM | Jun 24, 2021 |
| CVE-2020-18664 | Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the connection name parameter in type-conn. | LOW | Jun 24, 2021 |
| CVE-2020-18665 | Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. | MEDIUM | Jun 24, 2021 |
| CVE-2020-18666 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-18664. Reason: This candidate is a duplicate of CVE-2020-18664. Notes: All CVE users should reference CVE-2020-18664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2020-18667 | SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. | HIGH | Jun 24, 2021 |
| CVE-2020-18668 | Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls. | LOW | Jun 24, 2021 |
| CVE-2020-18670 | Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php. | LOW | Jun 24, 2021 |
| CVE-2020-18671 | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | LOW | Jun 24, 2021 |
| CVE-2020-18683 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | HIGH | Oct 3, 2021 |
| CVE-2020-18684 | Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | HIGH | Oct 7, 2021 |
| CVE-2020-18685 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | HIGH | Oct 3, 2021 |
| CVE-2020-18693 | Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the \'Title\' field of the component \'/admin/news\'. | LOW | Aug 6, 2021 |
| CVE-2020-18694 | Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component /admin/profile/save_profile. | MEDIUM | Aug 6, 2021 |
| CVE-2020-18698 | Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the \'login\' function in the component \'app/api/cms/user.py\'. | MEDIUM | Aug 16, 2021 |
| CVE-2020-18699 | Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the \'Username\' parameter of the in component \'app/api/cms/user.py\'. | MEDIUM | Aug 16, 2021 |
| CVE-2020-18701 | Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user\'s authentication token upon logout, which allows for replaying packets. | HIGH | Aug 16, 2021 |
| CVE-2020-18702 | Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the \'Username\' parameter in the component \'quokka/admin/actions.py\'. | MEDIUM | Aug 16, 2021 |
| CVE-2020-18703 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component \'quokka/utils/atom.py\'. | HIGH | Aug 16, 2021 |
| CVE-2020-18704 | Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the \'image\' widget in the component \'Change Widgy Page\'. | HIGH | Aug 16, 2021 |
| CVE-2020-18705 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component \'quokka/core/content/views.py\'. | HIGH | Aug 16, 2021 |
| CVE-2020-18713 | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php | HIGH | Feb 5, 2021 |
| CVE-2020-18714 | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php\'s getdata function. | HIGH | Feb 5, 2021 |
| CVE-2020-18715 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 |
| CVE-2020-18716 | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | HIGH | Feb 5, 2021 |
| CVE-2020-18717 | SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | HIGH | Feb 5, 2021 |
| CVE-2020-18723 | Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities. | LOW | Feb 4, 2021 |
| CVE-2020-18724 | Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list. | LOW | Feb 4, 2021 |
| CVE-2020-18730 | A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | MEDIUM | Aug 24, 2021 |
| CVE-2020-18731 | A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | MEDIUM | Aug 24, 2021 |
| CVE-2020-18734 | A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | MEDIUM | Aug 24, 2021 |
| CVE-2020-18735 | A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | MEDIUM | Aug 24, 2021 |
| CVE-2020-18737 | An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. | MEDIUM | Feb 5, 2021 |
| CVE-2020-18741 | Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user\'s photo via the photoid%5B%5D and photodesc%5B%5D parameters in the component index.php?app=photo. | MEDIUM | Jul 8, 2021 |
| CVE-2020-18746 | SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component aitecms/login/diy_list.php. | MEDIUM | Aug 18, 2021 |
