CVE-2020-19954

creationtimestamp| type| source ---|---|--- 2021-10-14 18:27:47+00:00| seen| https://t.me/cibsecurity/30569...

CVE-2020-19954

CVE-2020-19954 : An XML External Entity (XXE) vulnerability affects S-CMS 3.0, specifically the /api/notify.php endpoint, enabling an attacker to read arbitrary files. Root cause: XXE in XML processing. Documented impact across sources (NVD, CNVD, Red Hat). CVSS v3.1 base score 7.5 (HIGH); CVSS v...

CVE-2018-19954

CVE-2018-19954 is a cross-site scripting vulnerability in QNAP Systems Inc. Photo Station. Affected versions are Photo Station prior to 5.7.11 and prior to 6.0.10. The issue stems from insufficient input validation in the Web application, enabling remote attackers to inject malicious code if expl...

CVE-2019-19954

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\nodemodules.bin\wmic.exe file...

CVE-2019-19954

Signal Desktop (Windows) prior to 1.29.1 contains a local privilege escalation flaw: an attacker can place a Trojan horse named wmic.exe under %SYSTEMDRIVE%\node_modules.bin to gain higher privileges. Descriptions across NVD, Red Hat, OSV, ENISA-related entries corroborate the same issue. No func...