|
197091
|
2.4 |
LOW
Network
|
wordpress
fedoraproject
debian
|
wordpress
fedora
debian_linux
|
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does requi…
|
-
|
CVE-2020-4049
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197092
|
5.7 |
MEDIUM
Network
|
wordpress
fedoraproject
debian
|
wordpress
fedora
debian_linux
|
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has…
|
-
|
CVE-2020-4048
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197093
|
6.8 |
MEDIUM
Network
|
wordpress
fedoraproject
debian
|
wordpress
fedora
debian_linux
|
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to sc…
|
-
|
CVE-2020-4047
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197094
|
5.4 |
MEDIUM
Network
|
wordpress
debian
fedoraproject
|
wordpress
debian_linux
fedora
|
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected post…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4046
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197095
|
5.4 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4251
|
2024-11-21 14:32 |
2020-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197096
|
7.5 |
HIGH
Network
|
scuttlebutt
|
ssb-db
|
SSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any me…
|
-
|
CVE-2020-4045
|
2024-11-21 14:32 |
2020-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197097
|
9.8 |
CRITICAL
Network
|
hcltech
|
hcl_digital_experience
|
"HCL Digital Experience is susceptible to Server Side Request Forgery."
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-4101
|
2024-11-21 14:32 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197098
|
5.4 |
MEDIUM
Network
|
ibm
|
workload_scheduler
|
IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4380
|
2024-11-21 14:32 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197099
|
9.8 |
CRITICAL
Network
|
phpmussel_project
|
phpmussel
|
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution…
|
-
|
CVE-2020-4043
|
2024-11-21 14:32 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197100
|
7.5 |
HIGH
Network
|
ibm
|
aspera_high-speed_transfer_server_for_cloud_pak_for_integration
aspera_shares_on_demand
aspera_server_on_demand
aspera_faspex_on_demand
aspera_application_platform_on_demand
aspera_tra…
|
Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a s…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-4436
|
2024-11-21 14:32 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
