CVE-2026-20711

Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...

CVE-2025-20711

creationtimestamp| type| source ---|---|--- 2025-10-14 13:44:50+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115372817715516192 2026-01-13 07:00:21+00:00| seen| Telegram/2W7IPlTREd6XXcsNLDQ6ulBdLx770nVFwDpgwspoyi56ck...

CVE-2024-20711

creationtimestamp| type| source ---|---|--- 2024-01-11 15:54:40+00:00| seen| https://t.me/itsecnews/3964...

CVE-2024-20711

CVE-2024-20711 concerns Adobe Substance 3D Stager, affected in versions 2.1.3 and earlier. The root cause is an out-of-bounds read that can disclose memory and enable bypass of mitigations such as ASLR. Exploitation requires user interaction (victim must open a malicious file); attack vector is l...

CVE-2024-20711 Adobe Substance 3D Stager v2.1.1 Vulnerability VII

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

CVE-2023-20711

creationtimestamp| type| source ---|---|--- 2023-05-16 02:30:07+00:00| seen| https://t.me/cibsecurity/64186...

CVE-2023-20711

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581668; Issue ID: ALPS07581668...

CVE-2022-20711

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned softwa...

CVE-2022-20711

CVE-2022-20711 affects Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN VPN Routers. It exploits insufficient input validation in specific web UI components, enabling an unauthenticated remote attacker to overwrite files or exfiltrate data served by the web UI. Root cause is imprope...

CVE-2021-20711

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...

CVE-2021-20711

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...

CVE-2021-20711

CVE-2021-20711 affects NEC Aterm WG2600HS firmware (versions 1.5.1 and earlier). The vulnerability enables an attacker to execute arbitrary OS commands via unspecified vectors, with the specific CVE recognized in multiple sources (including JVN and CVE entries). The JVN/CNNVD/CVE records and rela...

CVE-2019-20711

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32...

CVE-2019-20711

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32...

CVE-2019-20711

NETGEAR D3600/D6000 and XR500 are affected by an OS command injection (CVE-2019-20711). The root cause is improper filtering of special characters/commands when constructing executable OS commands from external input, allowing an authenticated user to execute commands. Affected versions: D3600 be...