The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-23814 | Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | MEDIUM | Sep 4, 2020 | n/a |
| CVE-2020-23811 | xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | MEDIUM | Sep 3, 2020 | n/a |
| CVE-2020-23804 | Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | -- | Aug 22, 2023 | n/a |
| CVE-2020-23793 | An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat\'s VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects. | -- | Aug 22, 2023 | n/a |
| CVE-2020-23790 | An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | HIGH | May 12, 2021 | n/a |
| CVE-2020-23776 | A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header \'HOST\' value to cause the server to send the request. | MEDIUM | Jan 27, 2021 | n/a |
| CVE-2020-23774 | A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. | MEDIUM | Jan 27, 2021 | n/a |
| CVE-2020-23768 | An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users\' personally identifiable information including e-mail address and telephone numbers. | MEDIUM | May 21, 2021 | n/a |
| CVE-2020-23766 | An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges. | MEDIUM | May 21, 2021 | n/a |
| CVE-2020-23765 | A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | MEDIUM | May 21, 2021 | n/a |
| CVE-2020-23763 | SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | HIGH | Apr 9, 2021 | n/a |
| CVE-2020-23762 | Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the titel column on the Eintrage hinzufugen tab. | LOW | Apr 9, 2021 | n/a |
| CVE-2020-23761 | Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the payment gateway column on transactions tab. | MEDIUM | Apr 9, 2021 | n/a |
| CVE-2020-23754 | Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature. | MEDIUM | Nov 3, 2021 | n/a |
| CVE-2020-23741 | In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). | MEDIUM | Dec 4, 2020 | n/a |
| CVE-2020-23740 | In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. | MEDIUM | Dec 4, 2020 | n/a |
| CVE-2020-23738 | There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD) | MEDIUM | Dec 4, 2020 | n/a |
| CVE-2020-23736 | There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). | MEDIUM | Dec 4, 2020 | n/a |
| CVE-2020-23735 | In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges | MEDIUM | Dec 4, 2020 | n/a |
| CVE-2020-23727 | There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). | MEDIUM | Dec 4, 2020 | n/a |
| CVE-2020-23726 | There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). | MEDIUM | Dec 4, 2020 | n/a |
| CVE-2020-23722 | An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the id and fuel_id parameters. | MEDIUM | Mar 12, 2021 | n/a |
| CVE-2020-23721 | An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. | LOW | Mar 12, 2021 | n/a |
| CVE-2020-23719 | Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter. | MEDIUM | Nov 3, 2021 | n/a |
| CVE-2020-23718 | Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php. | MEDIUM | Nov 3, 2021 | n/a |
| CVE-2020-23715 | Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. | MEDIUM | Jul 2, 2021 | n/a |
| CVE-2020-23711 | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. | HIGH | Jul 1, 2021 | n/a |
| CVE-2020-23710 | Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. | LOW | Jun 29, 2021 | n/a |
| CVE-2020-23707 | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | MEDIUM | Jul 16, 2021 | n/a |
| CVE-2020-23706 | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | MEDIUM | Jul 16, 2021 | n/a |
| CVE-2020-23705 | A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | MEDIUM | Jul 16, 2021 | n/a |
| CVE-2020-23702 | Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via \'New Shout\' in /infusions/shoutbox_panel/shoutbox_admin.php. | LOW | Jul 7, 2021 | n/a |
| CVE-2020-23700 | Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | LOW | Jul 7, 2021 | n/a |
| CVE-2020-23697 | Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. | LOW | Jul 8, 2021 | n/a |
| CVE-2020-23691 | YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. | HIGH | May 14, 2021 | n/a |
| CVE-2020-23689 | In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page. | LOW | May 14, 2021 | n/a |
| CVE-2020-23686 | Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | MEDIUM | Nov 2, 2021 | n/a |
| CVE-2020-23685 | SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. | HIGH | Nov 3, 2021 | n/a |
| CVE-2020-23680 | An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. | MEDIUM | Nov 5, 2021 | n/a |
| CVE-2020-23679 | Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field. | HIGH | Nov 5, 2021 | n/a |
| CVE-2020-23660 | webTareas v2.1 is affected by Cross Site Scripting (XSS) on Search. | LOW | Aug 28, 2020 | n/a |
| CVE-2020-23659 | WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the connections feature. | LOW | Aug 28, 2020 | n/a |
| CVE-2020-23658 | PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. | LOW | Aug 26, 2020 | n/a |
| CVE-2020-23657 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module Configuration. | LOW | Aug 26, 2020 | n/a |
| CVE-2020-23656 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module Content. | LOW | Aug 26, 2020 | n/a |
| CVE-2020-23655 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module Configuration. | LOW | Aug 26, 2020 | n/a |
| CVE-2020-23654 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module Shop. | LOW | Aug 26, 2020 | n/a |
| CVE-2020-23653 | An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | HIGH | Jan 13, 2021 | n/a |
| CVE-2020-23648 | Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication. | -- | Oct 19, 2022 | n/a |
| CVE-2020-23647 | Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | -- | Apr 28, 2023 | n/a |
