|
209041
|
5.3 |
MEDIUM
Network
|
target
|
compiler
|
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server c…
|
-
|
CVE-2020-26294
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209042
|
6.1 |
MEDIUM
Network
|
htmlsanitizer_project
|
htmlsanitizer
|
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if styl…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26293
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209043
|
9.8 |
CRITICAL
Network
|
chatter-social
|
creeper
|
Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours betw…
|
-
|
CVE-2020-26292
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209044
|
8.8 |
HIGH
Network
|
qdpm
|
qdpm
|
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-26165
|
2024-11-21 14:19 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209045
|
8.7 |
HIGH
Network
|
vega_project
|
vega
|
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulner…
|
-
|
CVE-2020-26296
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209046
|
6.5 |
MEDIUM
Network
|
uri.js_project
|
uri.js
|
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. I…
|
-
|
CVE-2020-26291
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209047
|
6.5 |
MEDIUM
Network
|
parseplatform
|
parse-server
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords invol…
|
-
|
CVE-2020-26288
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209048
|
4.3 |
MEDIUM
Network
|
nokogiri
debian
|
nokogiri
debian_linux
|
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Noko…
|
CWE-611
XXE
|
CVE-2020-26247
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209049
|
8.7 |
HIGH
Network
|
hedgedoc
|
hedgedoc
|
HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our co…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26287
|
2024-11-21 14:19 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209050
|
7.5 |
HIGH
Network
|
hedgedoc
|
hedgedoc
|
HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including …
|
-
|
CVE-2020-26286
|
2024-11-21 14:19 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
