|
209361
|
8.2 |
HIGH
Network
|
linuxfoundation
|
the_update_framework
|
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This al…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-15163
|
2024-11-21 14:04 |
2020-09-10 |
|
|
|
|
209362
|
8.6 |
HIGH
Local
|
johnkerl
|
miller
|
In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc`…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-15167
|
2024-11-21 14:04 |
2020-09-03 |
|
|
|
|
209363
|
8.8 |
HIGH
Network
|
sensiolabs fedoraproject
|
httpclient symfony fedora
|
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X…
|
-
|
CVE-2020-15094
|
2024-11-21 14:04 |
2020-09-03 |
|
|
|
|
209364
|
9.8 |
CRITICAL
Network
|
duffel
|
paginator
|
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially aff…
|
-
|
CVE-2020-15150
|
2024-11-21 14:04 |
2020-09-02 |
|
|
|
|
209365
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15020
|
2024-11-21 14:04 |
2020-08-31 |
|
|
|
|
209366
|
7.6 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script f…
|
-
|
CVE-2020-15159
|
2024-11-21 14:04 |
2020-08-29 |
|
|
|
|
209367
|
7.3 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. Th…
|
-
|
CVE-2020-15155
|
2024-11-21 14:04 |
2020-08-29 |
|
|
|
|
209368
|
7.3 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_field…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15154
|
2024-11-21 14:04 |
2020-08-29 |
|
|
|
|
209369
|
9.1 |
CRITICAL
Network
|
chameleon_mini_live_debugger_project
|
chameleon_mini_live_debugger
|
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered with by a malicious actor. The official maintainer of the package is recommending …
|
-
|
CVE-2020-15165
|
2024-11-21 14:04 |
2020-08-29 |
|
|
|
|
209370
|
10.0 |
CRITICAL
Network
|
scratch-wiki
|
scratch_login
|
In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whit…
|
CWE-74
Injection
|
CVE-2020-15164
|
2024-11-21 14:04 |
2020-08-29 |
|
|
|