|
197361
|
4.8 |
MEDIUM
Network
|
webtechideas
|
wti_like_post
|
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is execu…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8799
|
2024-11-21 14:39 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197362
|
5.9 |
MEDIUM
Network
|
google
|
earth
|
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8896
|
2024-11-21 14:39 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197363
|
5.3 |
MEDIUM
Network
|
oklok_project
|
oklok
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveal…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-8792
|
2024-11-21 14:39 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197364
|
6.5 |
MEDIUM
Network
|
oklok_project
|
oklok
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issue…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-8791
|
2024-11-21 14:39 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197365
|
9.8 |
CRITICAL
Network
|
oklok_project
|
oklok
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could…
|
CWE-307
CWE-521
mproper Restriction of Excessive Authentication Attempts
Weak Password Requirements
|
CVE-2020-8790
|
2024-11-21 14:39 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197366
|
8.9 |
HIGH
Network
|
pega
|
platform
|
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8775
|
2024-11-21 14:39 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197367
|
8.8 |
HIGH
Network
|
pega
|
pega_platform
|
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8774
|
2024-11-21 14:39 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197368
|
8.9 |
HIGH
Network
|
pega
|
platform
|
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8773
|
2024-11-21 14:39 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197369
|
9.8 |
CRITICAL
Network
|
huawei
|
ar3200_firmware
|
Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to …
|
CWE-287
Improper Authentication
|
CVE-2020-9068
|
2024-11-21 14:39 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197370
|
6.7 |
MEDIUM
Local
|
huawei
|
osd_firmware
|
Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vu…
|
NVD-CWE-noinfo
|
CVE-2020-9072
|
2024-11-21 14:39 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
