Visual Studio Remote Code Execution Vulnerability

CVE-2020-17158HIGHCVSS 8.8EG 8.8

2020-12-10

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

CVE-2020-17159HIGHCVSS 7.8EG 7.8

2020-12-10

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVE-2020-17456CRITICALCVSS 9.8EG 9.8

2020-08-20

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.

CVE-2020-18172CRITICALCVSS 9.8EG 9.8

2021-07-26

A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.

CVE-2020-18185CRITICALCVSS 9.8EG 9.8

2020-10-02

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.

CVE-2020-19822HIGHCVSS 7.2EG 7.2

2021-08-26

A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters.

CVE-2020-20124HIGHCVSS 8.8EG 8.8

2021-09-28

Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.

CVE-2020-20298CRITICALCVSS 9.8EG 9.8

2020-12-18

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.

CVE-2020-20601CRITICALCVSS 9.8EG 9.8

2021-12-22

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

CVE-2020-20918HIGHCVSS 7.2EG 7.2

2023-06-20

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.

CVE-2020-21016CRITICALCVSS 9.8EG 9.8

2022-10-31

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.

CVE-2020-21650HIGHCVSS 8.8EG 8.8

2021-10-06

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.

CVE-2020-21651CRITICALCVSS 9.8EG 9.8

2021-10-06

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.

CVE-2020-21652CRITICALCVSS 9.8EG 9.8

2021-10-06

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.

CVE-2020-21784CRITICALCVSS 9.8EG 9.8

2021-06-24

phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.

CVE-2020-22120HIGHCVSS 8.8EG 8.8

2021-08-18

A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

CVE-2020-22201HIGHCVSS 8.8EG 8.8

2021-06-16

phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.

CVE-2020-22427HIGHCVSS 7.2EG 7.2

2021-02-15

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable becaus…

CVE-2020-22612CRITICALCVSS 9.8EG 9.8

2023-09-01

Installer RCE on settings file write in MyBB before 1.8.22.

CVE-2020-22937CRITICALCVSS 9.8EG 9.8

2021-08-17

A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.

CVE-2020-23037CRITICALCVSS 9.8EG 9.8

2021-10-22

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

CVE-2020-23219HIGHCVSS 8.8EG 8.8

2021-07-01

Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.

CVE-2020-24354HIGHCVSS 8.8EG 8.8

2020-08-31

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection.

CVE-2020-24365HIGHCVSS 8.8EG 8.8

2020-09-24

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed…

CVE-2020-24614HIGHCVSS 8.8EG 8.8

2020-08-25

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

CVE-2020-24628HIGHCVSS 8.8EG 8.8

2020-10-02

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.

CVE-2020-25197CRITICALCVSS 9.8EG 8.8

2022-03-18

A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the syste…

CVE-2020-25223CRITICALCVSS 9.8EG 9.8⚠ KEV

2020-09-25

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

CVE-2020-25414CRITICALCVSS 9.8EG 9.8

2021-06-17

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.

CVE-2020-25538HIGHCVSS 8.8EG 8.8

2020-11-13

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.

CVE-2020-25557HIGHCVSS 8.8EG 8.8

2020-11-13

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, au…

CVE-2020-25967HIGHCVSS 8.8EG 8.8

2020-12-10

The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.

CVE-2020-26124HIGHCVSS 8.8EG 8.8

2020-10-02

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation al…

CVE-2020-26165HIGHCVSS 8.8EG 8.8

2020-12-31

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.

CVE-2020-26540HIGHCVSS 7.5EG 7.5

2020-10-02

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.

CVE-2020-26808HIGHCVSS 7.2EG 7.2

2020-11-10

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code int…

CVE-2020-27192HIGHCVSS 7.8EG 7.8

2020-11-17

BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated p…

CVE-2020-28366HIGHCVSS 7.5EG 7.5

2020-11-18

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

CVE-2020-28367HIGHCVSS 7.5EG 7.5

2020-11-18

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

CVE-2020-28419HIGHCVSS 8.8EG 8.8

2021-11-09

During installation with certain driver software or application packages an arbitrary code execution could occur.

CVE-2020-28450HIGHCVSS 8.6EG 8.6

2021-02-04

This affects all versions of package decal. The vulnerability is in the extend function.

CVE-2020-28464CRITICALCVSS 9.8EG 9.8

2021-01-04

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.

CVE-2020-28502HIGHCVSS 8.1EG 8.1

2021-03-05

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code…

CVE-2020-28695HIGHCVSS 8.8EG 8.8

2021-03-26

Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root.

CVE-2020-28870CRITICALCVSS 9.8EG 9.8

2021-02-10

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.

CVE-2020-28905HIGHCVSS 8.8EG 8.8

2021-05-24

Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.

CVE-2020-29007CRITICALCVSS 9.8EG 9.8

2023-04-15

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticat…

CVE-2020-3416MEDIUMCVSS 6.7EG 6.7

2020-09-24

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenti…

CVE-2020-35121HIGHCVSS 8.8EG 8.8

2020-12-15

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance o…

CWE-94— Improper Control of Generation of Code (Code Injection)

CVEs classified under CWE-94page 49 of 125

Map vulnerabilities like CWE-94 to your infrastructure