In Textpattern 4.5.7, an unprivileged author can change an article’s markup setting. Date published : 2020-08-14 https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt https://github.com/textpattern/textpattern/commit/950d9e0e4ee46efa41e791eac6cd55d2f558c3c9
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). Date published : 2020-08-14...
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Date published : 2020-08-14 https://www.fortiguard.com/psirt/FG-IR-19-037
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. Date published : 2020-08-14 https://psytester.github.io/CVE-2019-19643/
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to...
The resolveRepositoryPath function doesn’t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as...
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. Date published : 2020-08-14 https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-fc-en
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. Date published : 2020-08-14 https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-fc-en
madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. Date published : 2020-08-14 https://snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676
All versions of phpjs are vulnerable to Prototype Pollution via parse_str. Date published : 2020-08-14 https://snyk.io/vuln/SNYK-JS-PHPJS-598681
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which...
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233. Date published : 2020-08-14 https://www.ibm.com/support/pages/node/6259393 https://exchange.xforce.ibmcloud.com/vulnerabilities/186233
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application...