|
215481
|
8.1 |
HIGH
Network
|
debian
wordpress
|
debian_linux
wordpress
|
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious part…
|
-
|
CVE-2020-11027
|
2024-11-21 13:56 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215482
|
5.4 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user wit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11026
|
2024-11-21 13:56 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215483
|
8.8 |
HIGH
Network
|
intelmq_manager_project
|
intelmq_manager
|
IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of t…
|
CWE-78
OS Command
|
CVE-2020-11016
|
2024-11-21 13:56 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215484
|
5.4 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated use…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11025
|
2024-11-21 13:56 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215485
|
9.1 |
CRITICAL
Network
|
thinx-device-api_project
|
thinx-device-api
|
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and …
|
-
|
CVE-2020-11015
|
2024-11-21 13:56 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215486
|
8.2 |
HIGH
Network
|
moonlight-stream
|
moonlight
|
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.
|
CWE-200
Information Exposure
|
CVE-2020-11024
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215487
|
9.8 |
CRITICAL
Network
|
faye_project
|
faye
|
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass c…
|
CWE-287
Improper Authentication
|
CVE-2020-11020
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215488
|
6.1 |
MEDIUM
Network
|
jquery
debian
fedoraproject
drupal
oracle
netapp
tenable
|
jquery
debian_linux
fedora
drupal
weblogic_server
hyperion_financial_reporting
webcenter_sites
application_testing_suite
communications_operations_monitor
communications_in…
|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation m…
|
-
|
CVE-2020-11023
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215489
|
7.5 |
HIGH
Network
|
http-client_project
|
http-client
|
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if c…
|
NVD-CWE-noinfo
|
CVE-2020-11021
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215490
|
6.5 |
MEDIUM
Network
|
pagerduty
|
rundeck
|
In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11009
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
