28 matches found
CVE-2026-20645
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information...
CVE-2026-20645
CVE-2026-20645 is an Apple iOS/iPadOS vulnerability described as an inconsistent user interface issue addressed by improved state management. It affects locked devices where an attacker with physical access may view sensitive user information. The CVE is fixed in iOS 18.7.5 and iPadOS 18.7.5, and...
CVE-2019-20645
NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS...
CVE-2021-20645
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors...
CVE-2023-20645
creationtimestamp| type| source ---|---|--- 2025-03-05 20:36:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6614 2025-03-06 02:17:23+00:00| seen| Telegram/BwYlTtFPmgQfNGrtw4dQpWbmoUzSIxQBFrlnpGmCl1U65...
CVE-2025-20645
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599...
CVE-2025-20645
creationtimestamp| type| source ---|---|--- 2025-03-03 03:33:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6142 2025-03-03 05:29:58+00:00| seen| https://t.me/cvedetector/19292...
CVE-2025-20645
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599...
CVE-2025-20645
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599...
CVE-2025-20645
The CVE-2025-20645 issue affects MediaTek components (KeyInstall) and is caused by a missing bounds check, leading to a possible out-of-bounds write. This could enable local privilege escalation for an attacker with System privileges, with no user interaction required. A patch is available (ALPS0...
CVE-2025-20645
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599...
CVE-2023-20645
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609...
CVE-2023-20645
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609...
CVE-2023-20645
CVE-2023-20645 affects the ril component in MediaTek-based devices. The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure with system execution privileges. Exploitation does not require user interaction. A patch is identifie...
CVE-2022-20645
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
CVE-2022-20645 Cisco Security Manager Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
CVE-2022-20645
CVE-2022-20645 concerns Cisco Security Manager. The issue is cross-site scripting via the web-based management interface caused by inadequate input validation. An unauthenticated, remote attacker can lure a user to click a crafted link to execute arbitrary script code in the interface context or ...
CVE-2020-20645
The CVE-2020-20645 entry refers to a Cross-Site Scripting (XSS) vulnerability in EyouCMS 1.3.6 within the basic_information area. The root cause is described in CNVD/CNNVD sources as insufficient validation/filtering of user input, enabling an attacker to lure users into sending malicious request...
CVE-2021-20645
creationtimestamp| type| source ---|---|--- 2021-02-12 12:43:34+00:00| seen| https://t.me/cibsecurity/23528...
CVE-2021-20645
CVE-2021-20645 refers to a stored cross-site scripting vulnerability in ELECOM WRC-300FEBK-A. Public sources describe that an arbitrary script could be executed in the browser of a logged-in user due to a vulnerability in the web setup page, with impact listed as execution of scripts on the user’...