LiveActive security incident?Get immediate response
CVE archive

February 2020

Browse CVE records published in February 2020, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1527 matching CVEs · Page 3 of 31.

Medium · CVSS 6.7

CVE-2020-37171: TapinRadio 2.12.3 - 'username' Denial of Service

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

Published Feb 6, 2026 · Updated Feb 17, 2026

High · CVSS 7.5

CVE-2020-37175: P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.

Published Feb 11, 2026 · Updated Feb 17, 2026

High · CVSS 7.5

CVE-2020-37179: APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service

APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 13, 2026

High · CVSS 7.5

CVE-2020-37177: BOOTP Turbo 2.0 - Denial of Service (SEH)

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.

Published Feb 11, 2026 · Updated Feb 13, 2026

Critical · CVSS 9.8

CVE-2020-37176: Torrent 3GP Converter 1.51 - Stack Overflow (SEH)

Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques.

Published Feb 11, 2026 · Updated Feb 13, 2026

High · CVSS 8.7

CVE-2020-37173: AVideo Platform 8.1 - Information Disclosure (User Enumeration)

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 8.5

CVE-2020-37172: AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 8.7

CVE-2020-37182: Redir 3.3 - Denial of Service

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.

Published Feb 11, 2026 · Updated Feb 12, 2026

Critical · CVSS 9.8

CVE-2020-37181: Torrent FLV Converter 1.51 Build 117 - Stack Oveflow (SEH partial overwrite)

Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37180: GTalk Password Finder 2.2.1 - 'Key' Denial of Service

GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37185: Backup Key Recovery 2.2.5 - 'Name' Denial of Service

Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37187: SpotDialup 1.6.7 - 'Name' Denial of Service

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37188: SpotOutlook 1.2.6 - 'Name' Denial of Service

SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37189: TaskCanvas 1.4.0 - 'Registration' Denial Of Service

TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37209: SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37190: Top Password Firefox Password Recovery 2.8 - Denial of Service

Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37191: Top Password Software Dialup Password Recovery 1.30 - Denial of Service

Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37210: SpotIE 2.9.5 - 'Key' Denial of Service

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37211: SpotIM 2.2 - 'Name' Denial Of Service

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37212: SpotMSN 2.4.6 - 'Name' Denial of Service

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37213: TextCrawler Pro3.1.1 - Denial of Service

TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

Critical · CVSS 9.8

CVE-2020-37183: Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.

Published Feb 11, 2026 · Updated Feb 12, 2026

Critical · CVSS 9.8

CVE-2020-37184: Allok Video Converter 4.6.1217 - Stack Overflow (SEH)

Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37196: Dnss Domain Name Search Software - 'Key' Denial of Service

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37208: SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37207: SpotDialup 1.6.7 - 'Key' Denial of Service

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37205: RemShutdown 2.9.0.0 - 'Name' Denial of Service

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37204: RemShutdown 2.9.0.0 - 'Key' Denial of Service

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37203: Office Product Key Finder 1.5.4 - Denial of Service

Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37202: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service

NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37201: NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37200: NetShareWatcher 1.5.8.0 - 'Key' Denial of Service

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

High · CVSS 7.5

CVE-2020-37197: Dnss Domain Name Search Software - 'Name' Denial of Service

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.

Published Feb 11, 2026 · Updated Feb 12, 2026

Critical · CVSS 9.8

CVE-2020-37124: B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process.

Published Feb 5, 2026 · Updated Feb 6, 2026

Critical · CVSS 9.8

CVE-2020-37123: Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

Published Feb 5, 2026 · Updated Feb 6, 2026

Medium · CVSS 6.7

CVE-2020-37121: CODE::BLOCKS 16.01 - Buffer Overflow (SEH) UNICODE

CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution.

Published Feb 5, 2026 · Updated Feb 6, 2026

Critical · CVSS 9.8

CVE-2020-37120: Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)

Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.

Published Feb 5, 2026 · Updated Feb 6, 2026

High · CVSS 7.1

CVE-2020-37108: PhpIX 2012 Professional - 'id' SQL Injection

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.

Published Feb 3, 2026 · Updated Feb 6, 2026

High · CVSS 8.8

CVE-2020-37113: GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

Published Feb 3, 2026 · Updated Feb 6, 2026

Medium · CVSS 5.3

CVE-2020-37114: GUnet OpenEclass 1.7.3 E-learning platform - Information Disclosure

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

Published Feb 3, 2026 · Updated Feb 6, 2026

Critical · CVSS 9.8

CVE-2020-37126: Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)

Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code.

Published Feb 5, 2026 · Updated Feb 5, 2026

Medium · CVSS 6.9

CVE-2020-37127: dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.

Published Feb 5, 2026 · Updated Feb 5, 2026

High · CVSS 8.4

CVE-2020-37139: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash.

Published Feb 5, 2026 · Updated Feb 5, 2026

High · CVSS 7.5

CVE-2020-37133: UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.

Published Feb 5, 2026 · Updated Feb 5, 2026

Medium · CVSS 6.7

CVE-2020-37132: UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.

Published Feb 5, 2026 · Updated Feb 5, 2026

High · CVSS 7.5

CVE-2020-37143: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.

Published Feb 5, 2026 · Updated Feb 5, 2026

Medium · CVSS 6.9

CVE-2020-37086: Easy Transfer 1.7 for iOS - Directory Traversal

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.

Published Feb 3, 2026 · Updated Feb 4, 2026

High · CVSS 8.7

CVE-2020-37085: VirtualTablet Server 3.0.2 - Denial of Service (PoC)

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send_say() method, causing the server to become unresponsive.

Published Feb 3, 2026 · Updated Feb 4, 2026