|
210521
|
7.5 |
HIGH
Network
|
oklok_project
|
oklok
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwor…
|
CWE-613 CWE-307
Insufficient Session Expiration; Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-10876
|
2024-11-21 13:56 |
2020-05-4 |
|
|
|
|
210522
|
4.7 |
MEDIUM
Local
|
torchbox
|
wagtail
|
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password …
|
CWE-362
Race Condition
|
CVE-2020-11037
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210523
|
5.4 |
MEDIUM
Network
|
wordpress debian
|
wordpress debian_linux
|
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11030
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210524
|
6.1 |
MEDIUM
Network
|
debian wordpress
|
debian_linux wordpress
|
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version …
|
CWE-79
Cross-site Scripting
|
CVE-2020-11029
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210525
|
7.5 |
HIGH
Network
|
wordpress debian
|
wordpress debian_linux
|
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-11028
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210526
|
8.1 |
HIGH
Network
|
debian wordpress
|
debian_linux wordpress
|
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious part…
|
-
|
CVE-2020-11027
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210527
|
5.4 |
MEDIUM
Network
|
wordpress debian
|
wordpress debian_linux
|
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user wit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11026
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210528
|
8.8 |
HIGH
Network
|
intelmq_manager_project
|
intelmq_manager
|
IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of t…
|
CWE-78
OS Command
|
CVE-2020-11016
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210529
|
5.4 |
MEDIUM
Network
|
wordpress debian
|
wordpress debian_linux
|
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated use…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11025
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|
|
210530
|
9.1 |
CRITICAL
Network
|
thinx-device-api_project
|
thinx-device-api
|
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and …
|
-
|
CVE-2020-11015
|
2024-11-21 13:56 |
2020-05-1 |
|
|
|