|
198751
|
6.1 |
MEDIUM
Network
|
pixelite
|
events_manager
|
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameters before outputting them in pages, which could lead to Cross-Site Scripting issues
|
-
|
CVE-2020-35037
|
2024-11-21 14:26 |
2021-12-2 |
|
|
|
|
198752
|
7.2 |
HIGH
Network
|
pixelite
|
events_manager
|
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
|
-
|
CVE-2020-35012
|
2024-11-21 14:26 |
2021-12-2 |
|
|
|
|
198753
|
9.8 |
CRITICAL
Network
|
windriver oracle
|
vxworks communications_eagle
|
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-35198
|
2024-11-21 14:26 |
2021-05-12 |
|
|
|
|
198754
|
9.8 |
CRITICAL
Network
|
mobileiron
|
mobile@work
|
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-35138
|
2024-11-21 14:26 |
2021-03-30 |
|
|
|
|
198755
|
7.5 |
HIGH
Network
|
mobileiron
|
mobile@work
|
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiro…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-35137
|
2024-11-21 14:26 |
2021-03-30 |
|
|
|
|
198756
|
9.6 |
CRITICAL
Network
|
acquia
|
mautic
|
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35125
|
2024-11-21 14:26 |
2021-02-10 |
|
|
|
|
198757
|
7.8 |
HIGH
Local
|
cloudflare
|
warp
|
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-35152
|
2024-11-21 14:26 |
2021-02-3 |
|
|
|
|
198758
|
7.8 |
HIGH
Local
|
acronis
|
true_image
|
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-35145
|
2024-11-21 14:26 |
2021-01-29 |
|
|
|
|
198759
|
9.6 |
CRITICAL
Network
|
acquia
|
mautic
|
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35124
|
2024-11-21 14:26 |
2021-01-28 |
|
|
|
|
198760
|
9.0 |
CRITICAL
Network
|
acquia
|
mautic
|
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an …
|
CWE-79
Cross-site Scripting
|
CVE-2020-35128
|
2024-11-21 14:26 |
2021-01-19 |
|
|
|