|
209121
|
8.8 |
HIGH
Adjacent
|
drtrustusa
|
icheck_connect_bp_monitor_bp_testing_118_firmware
|
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-27376
|
2024-11-21 14:21 |
2022-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209122
|
6.5 |
MEDIUM
Adjacent
|
drtrustusa
|
icheck_connect_bp_monitor_bp_testing_118_firmware
|
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-27375
|
2024-11-21 14:21 |
2022-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209123
|
7.5 |
HIGH
Adjacent
|
drtrustusa
|
icheck_connect_bp_monitor_bp_testing_118_firmware
|
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-27374
|
2024-11-21 14:21 |
2022-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209124
|
8.8 |
HIGH
Adjacent
|
drtrustusa
|
icheck_connect_bp_monitor_bp_testing_118_firmware
|
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.
|
CWE-78
OS Command
|
CVE-2020-27373
|
2024-11-21 14:21 |
2022-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209125
|
7.5 |
HIGH
Network
|
processwire
|
processwire
|
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2020-27467
|
2024-11-21 14:21 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209126
|
6.1 |
MEDIUM
Network
|
mit
|
scratch-svg-renderer
|
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27428
|
2024-11-21 14:21 |
2022-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209127
|
9.8 |
CRITICAL
Network
|
mahadiscom
|
mahavitaran
|
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-27416
|
2024-11-21 14:21 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209128
|
5.4 |
MEDIUM
Network
|
debug_meta_data_project
|
debug_meta_data
|
The debug-meta-data plugin 1.1.2 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27356
|
2024-11-21 14:21 |
2021-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209129
|
4.2 |
MEDIUM
Local
|
mahadiscom
|
mahavitaran
|
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27413
|
2024-11-21 14:21 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209130
|
5.9 |
MEDIUM
Network
|
mahadiscom
|
mahavitaran
|
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server log…
|
CWE-200
Information Exposure
|
CVE-2020-27414
|
2024-11-21 14:21 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
