|
208401
|
8.7 |
HIGH
Network
|
highlightjs
debian
oracle
|
highlight.js
debian_linux
mysql_enterprise_monitor
|
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will …
|
-
|
CVE-2020-26237
|
2024-11-21 14:19 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208402
|
5.3 |
MEDIUM
Network
|
time_project
|
time
|
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-26235
|
2024-11-21 14:19 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208403
|
3.7 |
LOW
Network
|
typo3
|
typo3
|
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerab…
|
-
|
CVE-2020-26229
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208404
|
7.5 |
HIGH
Network
|
typo3
|
typo3
|
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cry…
|
-
|
CVE-2020-26228
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208405
|
6.7 |
MEDIUM
Local
|
octobercms
|
october
|
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-202…
|
-
|
CVE-2020-26231
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208406
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site…
|
-
|
CVE-2020-26227
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208407
|
5.4 |
MEDIUM
Network
|
scratchaddons
|
scratch_addons
|
Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links ad…
|
-
|
CVE-2020-26239
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208408
|
7.5 |
HIGH
Network
|
scratchverifier
|
scratchverifier
|
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation …
|
-
|
CVE-2020-26236
|
2024-11-21 14:19 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208409
|
7.8 |
HIGH
Local
|
pritunl
|
pritunl-client-electron
|
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected sy…
|
CWE-59
Link Following
|
CVE-2020-25989
|
2024-11-21 14:19 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208410
|
8.1 |
HIGH
Network
|
semantic-release_project
|
semantic-release
|
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded whe…
|
-
|
CVE-2020-26226
|
2024-11-21 14:19 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
