29 matches found
CVE-2026-20126

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-25 16:34:22+00:00 | seen | https://vulnerability.circl.lu/bundle/b24f0b20-207c-4881-af91-eb1d15b224ba |
| 2026-02-25 17:00:08+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mfp5rtagrx26 |
| 2026-02-25 17:29:05+00:00 | seen | ... |

CVE-2022-20126
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product...
CVE-2021-20126
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...
CVE-2025-20126
A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...
CVE-2025-20126

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-08 16:15:38+00:00 | seen | https://infosec.exchange/users/cve/statuses/113793626147584315 |
| 2025-01-08 16:15:48+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113793626771738794 |
| 2025-01-08 16:16:16+00:00 | seen | ... |

CVE-2025-20126 Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability
A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...
CVE-2023-20126

| creationtimestamp | type | source |
|---|---|---|
| 2023-05-05 00:37:29+00:00 | seen | https://t.me/cibsecurity/63337 |
| 2023-05-05 08:17:43+00:00 | seen | Telegram/FelUsBGodC5lLjUjmllRM3Z-OUqCW9Bw2ZCgJBO7KvYA |
| 2023-05-05 08:39:19+00:00 | seen | https://t.me/KomunitiSiber/155 |
| 2023-05-05 09:28:02+00:00 | seen | ... |

CVE-2023-20126
Cisco SPA112 (2-Port) has a remote command execution vulnerability (CVE-2023-20126) due to a missing authentication step in the firmware upgrade flow. An unauthenticated attacker can upgrade to crafted firmware to run arbitrary code with full privileges. A PoC exists (RancidCrisco) that gains a r...
SUSE CVE-2018-20126
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled...
CVE-2017-20126

| creationtimestamp | type | source |
|---|---|---|
| 2022-07-13 22:37:06+00:00 | seen | https://t.me/cibsecurity/46182... |

CVE-2017-20126
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely...
CVE-2017-20126
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely...
CVE-2017-20126
KB Affiliate Referral Script 1.0 contains a SQL injection in /index.php triggered by manipulating the username/password fields with the payload 'or''='; exploitation is remote and a public exploit is available. This CVE (CVE-2017-20126) affects the script and has been discussed across multiple ...
CVE-2017-20126 KB Affiliate Referral Script index.php sql injection
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely...
CVE-2022-20126

| creationtimestamp | type | source |
|---|---|---|
| 2022-06-15 16:20:27+00:00 | seen | https://t.me/cibsecurity/44498 |
| 2023-03-29 08:59:52+00:00 | published-proof-of-concept | https://t.me/dilagrafie/2759 |
| 2023-04-02 11:47:21+00:00 | published-proof-of-concept | https://t.me/dilagrafie/2826 |
| 2023-10-13... | | |

CVE-2022-20126
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product...
CVE-2022-20126
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product...
CVE-2022-20126
The vulnerability CVE-2022-20126 affects Android (Android-10 to Android-12L) via the Bluetooth stack: in AdapterService.java, setScanMode can enable Bluetooth discovery mode without user interaction due to a missing permission check. This creates local elevation of privilege with user execution p...
CVE-2021-20126

| creationtimestamp | type | source |
|---|---|---|
| 2021-10-13 20:26:49+00:00 | seen | https://t.me/cibsecurity/30520... |

CVE-2021-20126
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...