EFF, Security Experts Condemn Politicization of Election Security
From DHS/US-CERT’s National Vulnerability Database CVE-2020-28183
PUBLISHED: 2020-11-17
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
CVE-2020-28092
PUBLISHED: 2020-11-17
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=
CVE-2020-28914
PUBLISHED: 2020-11-17
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. Fo…
CVE-2020-28130
PUBLISHED: 2020-11-17
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
CVE-2020-25890
PUBLISHED: 2020-11-17
The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or t…
Read More HERE