Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2020-26042

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php.

CVE-2020-26043

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in Hoosk CMS v1.8.0. There is an XSS vulnerability in install/index.php.

CVE-2020-26053

Thu, 2020/10/01 - 3:15 AM
Cybereason Endpoint Solutions Cybereason Endpoint Protection Version 20.1.261.0 is affected by an infection using Powershell script calling Ransomware to encrypt the victim machine using a delay between server and sensor communication from Cybereason AV in Windows 10 Machines

CVE-2020-26137

Thu, 2020/10/01 - 3:15 AM
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

CVE-2020-26148

Thu, 2020/10/01 - 3:15 AM
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.

CVE-2020-24569

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.

CVE-2020-24570

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.

CVE-2020-24721

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in the GAEN (aka Google Apple Encounter Notification) protocol through 2020-08-27, as used in Corona applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or dis-proving an encounter notification.

CVE-2020-25760

Thu, 2020/10/01 - 3:15 AM
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

CVE-2020-25761

Thu, 2020/10/01 - 3:15 AM
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks such as stealing of cookies, sensitive information, etc.

CVE-2020-25762

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.

CVE-2020-25763

Thu, 2020/10/01 - 3:15 AM
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.

CVE-2020-21524

Thu, 2020/10/01 - 3:15 AM
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the background (/api/admin/migrations/wordpress) needs to parse the XML file, but does so without any security defense. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks, etc. exp: https://github.com/halo-dev/halo/issues/423

CVE-2020-21525

Thu, 2020/10/01 - 3:15 AM
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.

CVE-2020-21526

Thu, 2020/10/01 - 3:15 AM
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.

CVE-2020-21527

Thu, 2020/10/01 - 3:15 AM
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.

CVE-2020-21564

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in Pluck CMS v4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.

CVE-2020-22481

Thu, 2020/10/01 - 3:15 AM
An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information.

CVE-2020-22842

Thu, 2020/10/01 - 3:15 AM
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.

CVE-2020-19670

Thu, 2020/10/01 - 3:15 AM
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.
