Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2020-06-12 https://helpx.adobe.com/security/products/experience-manager/apsb20-31.html
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. Date published : 2020-06-12 https://helpx.adobe.com/security/products/experience-manager/apsb20-31.html
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2020-06-12 https://helpx.adobe.com/security/products/experience-manager/apsb20-31.html
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-06-12 https://helpx.adobe.com/security/products/framemaker/apsb20-32.html
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-06-12 https://helpx.adobe.com/security/products/framemaker/apsb20-32.html
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-06-12 https://helpx.adobe.com/security/products/framemaker/apsb20-32.html
Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after...
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
In affected versions of WordPress, misuse of the `set-screen-option` filter’s return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter....
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does...
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2,...
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in...
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are...
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. Date published : 2020-06-12 https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html