|
195981
|
9.8 |
CRITICAL
Network
|
uppy
|
uppy
|
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal system…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8135
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195982
|
8.1 |
HIGH
Network
|
ghost
|
ghost
|
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8134
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195983
|
9.8 |
CRITICAL
Network
|
liferay
|
liferay_portal
|
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7961
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195984
|
7.5 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
worry-free_business_security
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the serve…
|
NVD-CWE-noinfo
|
CVE-2020-8470
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195985
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
worry-free_business_security
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipula…
|
CWE-74
Injection
|
CVE-2020-8468
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195986
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
|
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An a…
|
NVD-CWE-noinfo
|
CVE-2020-8467
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195987
|
8.1 |
HIGH
Network
|
openwrt
|
lede
openwrt
|
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded ch…
|
CWE-345
CWE-754
Insufficient Verification of Data Authenticity
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-7982
|
2024-11-21 14:38 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195988
|
7.5 |
HIGH
Network
|
golang
debian
fedoraproject
netapp
|
go
debian_linux
fedora
cloud_insights_telegraf
|
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 c…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7919
|
2024-11-21 14:38 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195989
|
6.5 |
MEDIUM
Network
|
thimpress
|
learnpress
|
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=le…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7916
|
2024-11-21 14:38 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195990
|
8.8 |
HIGH
Network
|
dot_project
|
dot
|
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
|
CWE-94
Code Injection
|
CVE-2020-8141
|
2024-11-21 14:38 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
