|
211381
|
3.7 |
LOW
Network
|
typo3
|
typo3
|
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerab…
|
-
|
CVE-2020-26229
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211382
|
7.5 |
HIGH
Network
|
typo3
|
typo3
|
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cry…
|
-
|
CVE-2020-26228
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211383
|
6.7 |
MEDIUM
Local
|
octobercms
|
october
|
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-202…
|
-
|
CVE-2020-26231
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211384
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site…
|
-
|
CVE-2020-26227
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211385
|
5.4 |
MEDIUM
Network
|
scratchaddons
|
scratch_addons
|
Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links ad…
|
-
|
CVE-2020-26239
|
2024-11-21 14:19 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211386
|
7.5 |
HIGH
Network
|
scratchverifier
|
scratchverifier
|
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation …
|
-
|
CVE-2020-26236
|
2024-11-21 14:19 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211387
|
7.8 |
HIGH
Local
|
pritunl
|
pritunl-client-electron
|
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected sy…
|
CWE-59
Link Following
|
CVE-2020-25989
|
2024-11-21 14:19 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211388
|
8.1 |
HIGH
Network
|
semantic-release_project
|
semantic-release
|
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded whe…
|
-
|
CVE-2020-26226
|
2024-11-21 14:19 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211389
|
6.1 |
MEDIUM
Network
|
jupyter
debian
|
notebook
debian_linux
|
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are t…
|
-
|
CVE-2020-26215
|
2024-11-21 14:19 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211390
|
9.8 |
CRITICAL
Network
|
planet
|
nvr-915_firmware
nvr-1615_firmware
|
The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-26097
|
2024-11-21 14:19 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
