|
211671
|
9.8 |
CRITICAL
Network
|
airleader
|
airleader_master_control
|
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-26510
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211672
|
7.5 |
HIGH
Network
|
airleader
|
airleader_master_control
|
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-26509
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211673
|
9.8 |
CRITICAL
Network
|
canon
|
oce_colorwave_3500_firmware
|
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-26508
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211674
|
8.8 |
HIGH
Network
|
xstream_project
debian
netapp
apache
oracle
|
xstream
debian_linux
snapmanager
activemq
banking_platform
communications_policy_management
banking_virtual_account_management
business_activity_monitoring
retail_xstore_point…
|
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Onl…
|
-
|
CVE-2020-26217
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211675
|
6.5 |
MEDIUM
Network
|
jetbrains
|
ktor
|
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-26129
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211676
|
9.8 |
CRITICAL
Network
|
user_registration_\&_login_and_user_management_system_project
|
user_registration_\&_login_and_user_management_system
|
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
|
CWE-89
SQL Injection
|
CVE-2020-25952
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211677
|
6.5 |
MEDIUM
Network
|
spreecommerce
|
spree
|
Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. …
|
-
|
CVE-2020-26223
|
2024-11-21 14:19 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211678
|
5.3 |
MEDIUM
Network
|
radarcovid
|
radar-covid-backend-dp3t-server
radarcovid
|
Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID T…
|
-
|
CVE-2020-26230
|
2024-11-21 14:19 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211679
|
8.8 |
HIGH
Network
|
dependabot_project
|
dependabot
|
Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before versi…
|
-
|
CVE-2020-26222
|
2024-11-21 14:19 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211680
|
6.1 |
MEDIUM
Network
|
touchbase.ai_project
|
touchbase.ai
|
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cooki…
|
-
|
CVE-2020-26221
|
2024-11-21 14:19 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
