|
210621
|
8.7 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component…
|
-
|
CVE-2020-15276
|
2024-11-21 14:05 |
2020-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210622
|
7.2 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15277
|
2024-11-21 14:05 |
2020-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210623
|
8.1 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registra…
|
-
|
CVE-2020-15273
|
2024-11-21 14:05 |
2020-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210624
|
7.5 |
HIGH
Network
|
cogboard
|
red_discord_bot
|
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hiera…
|
-
|
CVE-2020-15278
|
2024-11-21 14:05 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210625
|
7.0 |
HIGH
Local
|
blueman_project
debian
fedoraproject
|
blueman
debian_linux
fedora
|
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe…
|
CWE-88
Argument Injection
|
CVE-2020-15238
|
2024-11-21 14:05 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210626
|
7.2 |
HIGH
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
pulse_policy_secure
policy_secure
|
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forg…
|
CWE-611
XXE
|
CVE-2020-15352
|
2024-11-21 14:05 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210627
|
5.4 |
MEDIUM
Network
|
requarks
|
wiki.js
|
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual …
|
-
|
CVE-2020-15274
|
2024-11-21 14:05 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210628
|
9.6 |
CRITICAL
Network
|
git-tag-annotation-action_project
|
git-tag-annotation-action
|
In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to…
|
-
|
CVE-2020-15272
|
2024-11-21 14:05 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210629
|
8.8 |
HIGH
Network
|
lookatme_project
|
lookatme
|
In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown …
|
CWE-78
OS Command
|
CVE-2020-15271
|
2024-11-21 14:05 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210630
|
4.3 |
MEDIUM
Network
|
parseplatform
|
parse-server
|
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription object…
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2020-15270
|
2024-11-21 14:05 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
