64 matches found
CVE-2020-24928
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information...
Amazon Linux 2 : libtiff, --advisory ALAS2-2025-3020 (ALAS-2025-3020)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3020 advisory. Write-What-Where in libtiff via TIFFReadRGBAImageOriented CVE-2025-9900 Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2011-3020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors...
CVE-2023-3020
Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4...
CVE-2025-3020
A low privileged remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact...
CVE-2025-3020
A low privileged remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact...
CVE-2025-3020 Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
A low privileged remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact...
WordPress Carousel, Slider, Gallery by WP Carousel Plugin <= 2.6.3 is vulnerable to PHP Object Injection
Software: Carousel, Slider, Gallery by WP Carousel; Type: Plugin; Vulnerable versions: <= 2.6.3; Fixed in: 2.6.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-3020; Patch priority: Low; CVSS severity: Low (7.2); PSID: 83a2e39ed352; Credits: hoanpk; Required...
CVE-2024-3020 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection
The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is prese...
CVE-2023-3020
Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4...
CVE-2023-3020 Cross-site Scripting (XSS) - Reflected in mkucej/i-librarian-free
Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4...
CVE-2023-3020
CVE-2023-3020 affects the web app i-librarian-free (GitHub: mkucej/i-librarian-free) and is a reflected Cross-site Scripting (XSS) vulnerability present in versions prior to 5.10.4. The issue arises from reflecting unsanitized user input in the search/query flow (evidenced by “Reflected XSS at s...
CVE-2023-3020 Cross-site Scripting (XSS) - Reflected in mkucej/i-librarian-free
Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4...
MGASA-2023-0073 Updated crmsh packages fix security vulnerability
Privilege escalation (CVE-2021-3020) and other fixes...
SUSE CVE-2011-3020
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors...
CVE-2021-3020
| creationtimestamp | type | source |
|---|---|---|
| 2022-08-26 07:29:35+00:00 | seen | https://t.me/cibsecurity/48835... |
CVE-2021-3020
Removed by vendor...
CVE-2021-3020
CVE-2021-3020 (ClusterLabs Hawk / HA Web Konsole) describes a privilege-escalation in Hawk up to version 2.3.0-15 where the setuid binary hawk_invoke can be used by hacluster to run commands as root, potentially spawning an interactive shell outside the allowed set. This leads to root elevation i...
CentOS 8 : ruby:2.7 (CESA-2021:3020)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3020 advisory. - rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) - rubygem-rdoc: Command injection...
Oracle Linux 8 : ruby:2.7 (ELSA-2021-3020)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3020 advisory. ruby 2.7.4-137 - Upgrade to Ruby 2.7.4. - Fix command injection vulnerability in RDoc. Resolves: rhbz1986768 - Fix FTP PASV command response can cause...