|
211451
|
6.1 |
MEDIUM
Network
|
accesspressthemes
|
wp_floating_menu
|
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25378
|
2024-11-21 14:17 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211452
|
5.4 |
MEDIUM
Network
|
softrade
|
wp_smart_crm_\&_invoices
|
Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25375
|
2024-11-21 14:17 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211453
|
7.8 |
HIGH
Local
|
kingsoft
|
wps_office
|
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/pa…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25291
|
2024-11-21 14:17 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211454
|
5.5 |
MEDIUM
Local
|
avast
|
secureline_vpn
|
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
|
CWE-59
Link Following
|
CVE-2020-25289
|
2024-11-21 14:17 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211455
|
7.2 |
HIGH
Network
|
pligg_project
|
pligg
|
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Op…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25287
|
2024-11-21 14:17 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211456
|
5.3 |
MEDIUM
Network
|
wordpress
|
wordpress
|
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.
|
NVD-CWE-noinfo
|
CVE-2020-25286
|
2024-11-21 14:17 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211457
|
6.4 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly hav…
|
CWE-362
CWE-787
CWE-476
Race Condition
Out-of-bounds Write
NULL Pointer Dereference
|
CVE-2020-25285
|
2024-11-21 14:17 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211458
|
4.1 |
MEDIUM
Local
|
linux
debian
opensuse
|
linux_kernel
debian_linux
leap
|
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map …
|
CWE-863
Incorrect Authorization
|
CVE-2020-25284
|
2024-11-21 14:17 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211459
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP…
|
CWE-862
Missing Authorization
|
CVE-2020-25283
|
2024-11-21 14:17 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211460
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on…
|
CWE-862
Missing Authorization
|
CVE-2020-25282
|
2024-11-21 14:17 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
