| 211911 | 7.5 | HIGH Network | typo3 | typo3 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cry… | - | CVE-2020-26228 | 2024-11-21 14:19 | 2020-11-24 |
| 211912 | 6.7 | MEDIUM Local | octobercms | october | October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-202… | - | CVE-2020-26231 | 2024-11-21 14:19 | 2020-11-24 |
| 211913 | 6.1 | MEDIUM Network | typo3 | typo3 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site… | - | CVE-2020-26227 | 2024-11-21 14:19 | 2020-11-24 |
| 211914 | 5.4 | MEDIUM Network | scratchaddons | scratch_addons | Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links ad… | - | CVE-2020-26239 | 2024-11-21 14:19 | 2020-11-24 |
| 211915 | 7.5 | HIGH Network | scratchverifier | scratchverifier | In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation … | - | CVE-2020-26236 | 2024-11-21 14:19 | 2020-11-21 |
| 211916 | 7.8 | HIGH Local | pritunl | pritunl-client-electron | Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected sy… | CWE-59 Link Following | CVE-2020-25989 | 2024-11-21 14:19 | 2020-11-20 |
| 211917 | 8.1 | HIGH Network | semantic-release_project | semantic-release | In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded whe… | - | CVE-2020-26226 | 2024-11-21 14:19 | 2020-11-19 |
| 211918 | 6.1 | MEDIUM Network | jupyter debian | notebook debian_linux | Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are t… | - | CVE-2020-26215 | 2024-11-21 14:19 | 2020-11-19 |
| 211919 | 9.8 | CRITICAL Network | planet | nvr-915_firmware nvr-1615_firmware | The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the … | CWE-798 Use of Hard-coded Credentials | CVE-2020-26097 | 2024-11-21 14:19 | 2020-11-19 |
| 211920 | 6.1 | MEDIUM Network | cisco | iot_field_network_director | Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affe… | CWE-74 Injection | CVE-2020-26081 | 2024-11-21 14:19 | 2020-11-19 |