Show filters
460 topics marked with the following tags:
Displaying 21-30 of 460
Sort by:
Attacker Value
Moderate

CVE-2017-6529

Disclosure Date: March 09, 2017 (last updated June 05, 2020)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
Attacker Value
Moderate

CVE-2020-14343

Disclosure Date: February 09, 2021 (last updated February 17, 2021)
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Attacker Value
Moderate

CVE-2020-8091

Disclosure Date: January 27, 2020 (last updated June 05, 2020)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Attacker Value
Very Low

CVE-2020-9340

Disclosure Date: February 22, 2020 (last updated June 05, 2020)
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
Attacker Value
Low

CVE-2020-9268

Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Attacker Value
Moderate

CVE-2020-10740

Disclosure Date: June 22, 2020 (last updated July 24, 2020)
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
Attacker Value
High

CVE-2021-26295

Disclosure Date: March 22, 2021 (last updated March 26, 2021)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Attacker Value
Very Low

CVE-2020-11530

Disclosure Date: May 08, 2020 (last updated September 02, 2020)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
1
Attacker Value
Very Low

CVE-2020-14932

Disclosure Date: June 20, 2020 (last updated June 27, 2020)
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Attacker Value
Very High

CVE-2021-37928

Disclosure Date: October 07, 2021 (last updated October 16, 2021)
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.