|
209011
|
7.5 |
HIGH
Network
|
processwire
|
processwire
|
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2020-27467
|
2024-11-21 14:21 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209012
|
6.1 |
MEDIUM
Network
|
mit
|
scratch-svg-renderer
|
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27428
|
2024-11-21 14:21 |
2022-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209013
|
9.8 |
CRITICAL
Network
|
mahadiscom
|
mahavitaran
|
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-27416
|
2024-11-21 14:21 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209014
|
5.4 |
MEDIUM
Network
|
debug_meta_data_project
|
debug_meta_data
|
The debug-meta-data plugin 1.1.2 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27356
|
2024-11-21 14:21 |
2021-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209015
|
4.2 |
MEDIUM
Local
|
mahadiscom
|
mahavitaran
|
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27413
|
2024-11-21 14:21 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209016
|
5.9 |
MEDIUM
Network
|
mahadiscom
|
mahavitaran
|
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server log…
|
CWE-200
Information Exposure
|
CVE-2020-27414
|
2024-11-21 14:21 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209017
|
4.7 |
MEDIUM
Local
|
linux
fedoraproject
oracle
|
linux_kernel
fedora
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_policy
communications_cloud_native_core_network_exposure_function
|
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o…
|
-
|
CVE-2020-27820
|
2024-11-21 14:21 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209018
|
5.4 |
MEDIUM
Network
|
dynpg
|
dynpg
|
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27406
|
2024-11-21 14:21 |
2021-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209019
|
9.8 |
CRITICAL
Network
|
civetweb_project
siemens
|
civetweb
sinec_infrastructure_network_services
|
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request A…
|
CWE-22
Path Traversal
|
CVE-2020-27304
|
2024-11-21 14:21 |
2021-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209020
|
9.8 |
CRITICAL
Network
|
brandy_project
|
brandy
|
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27372
|
2024-11-21 14:21 |
2021-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
