|
208211
|
8.8 |
HIGH
Adjacent
|
netgear
|
rax40_firmware
|
NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.
|
NVD-CWE-Other
|
CVE-2020-26898
|
2024-11-21 14:20 |
2020-10-9 |
|
208212
|
8.8 |
HIGH
Adjacent
|
netgear
|
cbr40_firmware rbk752_firmware rbr750_firmware rbs750_firmware rbk852_firmware rbr850_firmware rbs850_firmware
|
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852…
|
NVD-CWE-noinfo
|
CVE-2020-26897
|
2024-11-21 14:20 |
2020-10-9 |
|
208213
|
8.8 |
HIGH
Network
|
garfield_petshop_project
|
garfield_petshop
|
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests t…
|
CWE-352
Origin Validation Error
|
CVE-2020-26522
|
2024-11-21 14:20 |
2020-10-9 |
|
208214
|
7.8 |
HIGH
Local
|
faulknermedia
|
wildlife_issues_in_the_new_millennium
|
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using Li…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-26894
|
2024-11-21 14:20 |
2020-10-9 |
|
208215
|
8.8 |
HIGH
Network
|
formalms
|
formalms
|
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accompl…
|
CWE-352
Origin Validation Error
|
CVE-2020-26802
|
2024-11-21 14:20 |
2020-10-9 |
|
208216
|
5.5 |
MEDIUM
Local
|
dlink
|
dsr-250n_firmware
|
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore u…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-26567
|
2024-11-21 14:20 |
2020-10-8 |
|
208217
|
7.8 |
HIGH
Local
|
sympa fedoraproject debian
|
sympa fedora debian_linux
|
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it thr…
|
CWE-269
Improper Privilege Management
|
CVE-2020-26880
|
2024-11-21 14:20 |
2020-10-8 |
|
208218
|
7.5 |
HIGH
Network
|
wpcoursesplugin
|
wp-courses
|
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-26876
|
2024-11-21 14:20 |
2020-10-8 |
|
208219
|
6.1 |
MEDIUM
Network
|
cure53 debian microsoft oracle
|
dompurify debian_linux visual_studio_2017 visual_studio_2019 application_express
|
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-26870
|
2024-11-21 14:20 |
2020-10-8 |
|
208220
|
8.8 |
HIGH
Network
|
elementor
|
elementor_pro
|
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable…
|
CWE-269
Improper Privilege Management
|
CVE-2020-26596
|
2024-11-21 14:20 |
2020-10-8 |