|
208331
|
8.8 |
HIGH
Network
|
paradox
|
ip150_firmware
|
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
|
-
|
CVE-2020-25185
|
2024-11-21 14:17 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208332
|
5.4 |
MEDIUM
Network
|
grocy_project
|
grocy
|
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25454
|
2024-11-21 14:17 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208333
|
7.3 |
HIGH
Network
|
lemocms
|
lemocms
|
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25406
|
2024-11-21 14:17 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208334
|
7.5 |
HIGH
Network
|
taskcafe_project
|
taskcafe
|
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token.
|
NVD-CWE-noinfo
|
CVE-2020-25400
|
2024-11-21 14:17 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208335
|
5.3 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
|
NVD-CWE-noinfo
|
CVE-2020-25210
|
2024-11-21 14:17 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208336
|
7.5 |
HIGH
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
|
NVD-CWE-noinfo
|
CVE-2020-25209
|
2024-11-21 14:17 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208337
|
9.8 |
CRITICAL
Network
|
jetbrains
|
toolbox
|
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
|
NVD-CWE-noinfo
|
CVE-2020-25207
|
2024-11-21 14:17 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208338
|
7.5 |
HIGH
Network
|
bd
|
alaris_8015_pcu_firmware
alaris_systems_manager
|
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerabil…
|
-
|
CVE-2020-25165
|
2024-11-21 14:17 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208339
|
7.5 |
HIGH
Network
|
nexcom
|
nio_50_firmware
|
The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions).
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-25155
|
2024-11-21 14:17 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208340
|
7.5 |
HIGH
Network
|
nexcom
|
nio_50_firmware
|
The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions).
|
-
|
CVE-2020-25151
|
2024-11-21 14:17 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
