|
208741
|
7.5 |
HIGH
Network
|
wuzhicms
|
wuzhicms
|
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-28145
|
2024-11-21 14:22 |
2021-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208742
|
6.1 |
MEDIUM
Network
|
53kf
|
53kf
|
Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28119
|
2024-11-21 14:22 |
2021-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208743
|
5.3 |
MEDIUM
Network
|
yandex
|
yandex_browser
|
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-27970
|
2024-11-21 14:22 |
2021-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208744
|
7.3 |
HIGH
Network
|
yandex
|
yandex_browser
|
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
|
CWE-346
Origin Validation Error
|
CVE-2020-27969
|
2024-11-21 14:22 |
2021-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208745
|
7.8 |
HIGH
Local
|
apple
|
mac_os_x
|
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may l…
|
NVD-CWE-noinfo
|
CVE-2020-27942
|
2024-11-21 14:22 |
2021-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208746
|
4.3 |
MEDIUM
Network
|
apple
|
apple_tv
|
This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.
|
NVD-CWE-noinfo
|
CVE-2020-27940
|
2024-11-21 14:22 |
2021-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208747
|
6.1 |
MEDIUM
Network
|
eyoucms
|
eyoucms
|
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28146
|
2024-11-21 14:22 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208748
|
7.8 |
HIGH
Local
|
prusa3d
|
prusaslicer
|
A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead …
|
CWE-416
Use After Free
|
CVE-2020-28594
|
2024-11-21 14:22 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208749
|
9.8 |
CRITICAL
Network
|
easycorp
|
zentao
|
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28165
|
2024-11-21 14:22 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208750
|
8.8 |
HIGH
Network
|
tinyobjloader_project
|
tinyobjloader
|
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to cod…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-28589
|
2024-11-21 14:22 |
2021-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
