|
197491
|
5.4 |
MEDIUM
Network
|
brainstormforce
|
spectra
|
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36656
|
2024-11-21 14:30 |
2023-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197492
|
7.5 |
HIGH
Network
|
konghq
|
multipart
|
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads t…
|
-
|
CVE-2020-36661
|
2024-11-21 14:30 |
2023-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197493
|
8.1 |
HIGH
Network
|
lemonldap-ng
debian
|
apache\
debian_linux
|
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS m…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36659
|
2024-11-21 14:30 |
2023-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197494
|
8.1 |
HIGH
Network
|
lemonldap-ng
debian
|
apache\
debian_linux
|
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module fo…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36658
|
2024-11-21 14:30 |
2023-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197495
|
7.8 |
HIGH
Local
|
uptimed_project
|
uptimed
|
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there i…
|
NVD-CWE-noinfo
|
CVE-2020-36657
|
2024-11-21 14:30 |
2023-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197496
|
8.8 |
HIGH
Network
|
yiiframework
|
gii
|
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
|
CWE-94
Code Injection
|
CVE-2020-36655
|
2024-11-21 14:30 |
2023-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197497
|
6.1 |
MEDIUM
Network
|
geni
|
geni-portal
|
A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argu…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36654
|
2024-11-21 14:30 |
2023-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197498
|
7.5 |
HIGH
Network
|
nodeserver_project
|
nodeserver
|
A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to p…
|
CWE-22
Path Traversal
|
CVE-2020-36651
|
2024-11-21 14:30 |
2023-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197499
|
8.0 |
HIGH
Adjacent
|
gry_project
|
gry
|
A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 i…
|
CWE-77
Command Injection
|
CVE-2020-36650
|
2024-11-21 14:30 |
2023-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197500
|
7.5 |
HIGH
Network
|
papaparse
|
papaparse
|
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regula…
|
-
|
CVE-2020-36649
|
2024-11-21 14:30 |
2023-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
