|
210161
|
9.8 |
CRITICAL
Network
|
brassica
|
soy_cms
|
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the ser…
|
-
|
CVE-2020-15188
|
2024-11-21 14:05 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210162
|
2.7 |
LOW
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart.…
|
CWE-74
Injection
|
CVE-2020-15184
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210163
|
4.7 |
MEDIUM
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an a…
|
NVD-CWE-Other
|
CVE-2020-15187
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210164
|
2.7 |
LOW
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavio…
|
CWE-74
Injection
|
CVE-2020-15186
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210165
|
2.7 |
LOW
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access t…
|
NVD-CWE-Other
|
CVE-2020-15185
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210166
|
4.8 |
MEDIUM
Network
|
soycms_project
|
soycms
|
SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administr…
|
-
|
CVE-2020-15183
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210167
|
9.6 |
CRITICAL
Network
|
soy_cms_project
soy_inquiry_project
|
soy_cms
soy_inquiry
|
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allo…
|
-
|
CVE-2020-15182
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210168
|
8.8 |
HIGH
Network
|
fluffycogs_project
|
fluffycogs
|
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions an…
|
-
|
CVE-2020-15172
|
2024-11-21 14:05 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210169
|
9.3 |
CRITICAL
Network
|
prestashop
|
contactform
|
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, p…
|
-
|
CVE-2020-15178
|
2024-11-21 14:05 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210170
|
9.0 |
CRITICAL
Network
|
scratch-wiki
|
scratchsig
|
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visit…
|
-
|
CVE-2020-15179
|
2024-11-21 14:05 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
