• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-94

CVE-2020-28905

February 26, 2023 by

Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.

CVE-2020-28870

February 26, 2023 by

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.

CVE-2020-28502

February 26, 2023 by

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.

CVE-2020-28464

February 26, 2023 by

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.

CVE-2020-28366

February 26, 2023 by

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

CVE-2020-26124

February 26, 2023 by

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 146
  • Go to page 147
  • Go to page 148
  • Go to page 149
  • Go to page 150
  • Interim pages omitted …
  • Go to page 225
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE