|
1261
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack…
|
CWE-352
Origin Validation Error
|
CVE-2020-37217
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1262
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
|
CWE-89
SQL Injection
|
CVE-2020-37218
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1263
|
7.5 |
HIGH
Network
|
-
|
-
|
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques…
|
CWE-22
Path Traversal
|
CVE-2020-37219
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1264
|
7.5 |
HIGH
Network
|
-
|
-
|
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-37220
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1265
|
7.2 |
HIGH
Network
|
-
|
-
|
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37222
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1266
|
7.8 |
HIGH
Local
|
-
|
-
|
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a maliciou…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37223
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1267
|
7.1 |
HIGH
Network
|
-
|
-
|
Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att…
|
CWE-89
SQL Injection
|
CVE-2020-37224
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1268
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37225
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1269
|
7.1 |
HIGH
Network
|
-
|
-
|
Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Att…
|
CWE-89
SQL Injection
|
CVE-2020-37226
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1270
|
5.5 |
MEDIUM
Local
|
jqlang
|
jq
|
jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two
otherwise valid modules include each other.
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44777
|
2026-05-14 02:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
