{"vulnerability": "cve-2020-3684", "sightings": [{"uuid": "5d919403-f4ba-44f9-89fe-31047727e504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36845", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:37.000000Z"}, {"uuid": "22cd8442-9193-47f8-8b93-6cd38a848899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36848", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_total_upkeep_downloader.rb", "content": "", "creation_timestamp": "2021-01-05T20:10:05.000000Z"}, {"uuid": "c69c97eb-6e7f-4dcd-8506-bf9358fd59c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36847", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lxavjkkg2g2c", "content": "", "creation_timestamp": "2025-08-25T21:02:21.636897Z"}, {"uuid": "e9cbd9e5-f274-42d6-ab6f-741dcf3d9225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36847", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_simple_file_list_rce.rb", "content": "", "creation_timestamp": "2020-12-03T16:03:35.000000Z"}, {"uuid": "5d446719-6222-4919-b387-ad888ee8bd83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36847", "type": "published-proof-of-concept", "source": "Telegram/OcRAGkB9tSA6dmN8vZ3V-gJFgf0eXX8qmN6tWR_w--G7GX0", "content": "", "creation_timestamp": "2025-08-23T15:31:26.000000Z"}, {"uuid": "3352f7c0-03d4-4cae-9434-5c921b89ce6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36842", "type": "seen", "source": "https://t.me/cvedetector/8042", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2020-36842 - WPvivid WordPress Arbitrary File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2020-36842 \nPublished : Oct. 16, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T11:20:58.000000Z"}, {"uuid": "2a57edc8-0dee-4f1b-af6c-465103e803e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36840", "type": "seen", "source": "https://t.me/cvedetector/8041", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2020-36840 - MotoPress Timetable Event Schedule WordPress Authorization Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2020-36840 \nPublished : Oct. 16, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T11:20:57.000000Z"}, {"uuid": "c351eec6-68fa-4ca2-8ba8-01ef5699ef14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36842", "type": "published-proof-of-concept", "source": "Telegram/QWcAxtRj4CEiw2EsCBPPi9W_svhfflMSFS5WabELl66jBbo", "content": "", "creation_timestamp": "2025-03-05T04:00:07.000000Z"}, {"uuid": "ace12786-2652-4634-b910-9ff954fbbc72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-3684", "type": "seen", "source": "https://t.me/cibsecurity/15763", "content": "\u203c CVE-2020-3684 \u203c\n\nu'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-02T12:38:37.000000Z"}, {"uuid": "ea32312c-4f06-4c97-a2a4-3e5b7dd30328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36843", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154860984407034", "content": "", "creation_timestamp": "2025-03-13T11:22:24.644211Z"}, {"uuid": "8953de3f-a3a1-44bf-8331-ba47f3395f44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36847", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lunw54uuco23", "content": "", "creation_timestamp": "2025-07-23T21:02:21.180250Z"}, {"uuid": "7fe9cbaf-543e-4108-9191-af730c04da27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36847", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:12:59.000000Z"}, {"uuid": "3f06f12e-3c26-405e-92a6-4e0fe2748af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36848", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:12:59.000000Z"}, {"uuid": "5e0e4bd1-2727-4d8a-a79c-bdf979449ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36849", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:12:59.000000Z"}, {"uuid": "0041167e-cada-4aae-a1cc-623d00620405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36849", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_ait_csv_rce.rb", "content": "", "creation_timestamp": "2021-01-11T21:43:55.000000Z"}, {"uuid": "63365586-9146-4bf9-9686-cf80078cbb58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36845", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12621", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36845\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.\n\ud83d\udccf Published: 2025-04-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-20T21:51:58.836Z\n\ud83d\udd17 References:\n1. https://www.doyler.net/security-not-included/knowbe4-vulnerabilities", "creation_timestamp": "2025-04-20T22:05:03.000000Z"}, {"uuid": "478ffa39-9548-40a2-abec-d7b1df600bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36844", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12620", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36844\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.\n\ud83d\udccf Published: 2025-04-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-20T21:55:07.955Z\n\ud83d\udd17 References:\n1. https://www.doyler.net/security-not-included/knowbe4-vulnerabilities", "creation_timestamp": "2025-04-20T22:05:02.000000Z"}, {"uuid": "1f326fed-6875-4587-9134-5ddf77fbabce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36843", "type": "seen", "source": "https://t.me/cvedetector/20202", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2020-36843 - Apache EdDSA-Java Ed25519 Signature Malleability\", \n  \"Content\": \"CVE ID : CVE-2020-36843 \nPublished : March 13, 2025, 6:15 a.m. | 1\u00a0hour, 20\u00a0minutes ago \nDescription : The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T08:55:55.000000Z"}, {"uuid": "8e880bb4-280b-4c31-b4e0-155badef73b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36843", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7401", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36843\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.\n\ud83d\udccf Published: 2025-03-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-13T05:20:08.585Z\n\ud83d\udd17 References:\n1. https://github.com/str4d/ed25519-java/issues/82#issue-727629226\n2. https://eprint.iacr.org/2020/1244", "creation_timestamp": "2025-03-13T05:44:21.000000Z"}, {"uuid": "3f0ef6a4-9220-4d30-864f-289612ec4ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36844", "type": "seen", "source": "https://t.me/cvedetector/23420", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2020-36844 - KnowBe4 Security Awareness Training Reflective Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2020-36844 \nPublished : April 20, 2025, 10:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T02:15:52.000000Z"}, {"uuid": "a4cf4632-3a85-4aae-9e93-28fbadfc4a88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36845", "type": "seen", "source": "https://t.me/cvedetector/23419", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2020-36845 - KnowBe4 Security Awareness Training Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2020-36845 \nPublished : April 20, 2025, 10:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T02:15:51.000000Z"}, {"uuid": "c05e6556-fe50-4486-9fb2-ebd861ddc9ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36841", "type": "seen", "source": "https://t.me/cvedetector/8064", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2020-36841 - WooCommerce Smart Coupons Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2020-36841 \nPublished : Oct. 16, 2024, 1:15 p.m. | 39\u00a0minutes ago \nDescription : The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim\u2019s storefront. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T16:23:02.000000Z"}, {"uuid": "03386381-062b-4253-a9e5-1697957440a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36844", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnbqbhmbsv2u", "content": "", "creation_timestamp": "2025-04-20T22:49:06.584050Z"}, {"uuid": "bbe2a3b4-e784-4e2a-bed6-cf5c6eb622ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36845", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnbqbju5rz2t", "content": "", "creation_timestamp": "2025-04-20T22:49:07.140768Z"}, {"uuid": "4e0643d6-e4f1-4047-a3c7-636e11efd793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36847", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lturhz35mw22", "content": "", "creation_timestamp": "2025-07-13T21:02:21.804683Z"}, {"uuid": "3a590de9-5152-4afd-b0b0-027d9a7d0557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36846", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqe7gz6uxnt2", "content": "", "creation_timestamp": "2025-05-30T02:41:43.283675Z"}, {"uuid": "7c257258-3695-4232-8474-023e7c03a1a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36846", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqedwihsig2o", "content": "", "creation_timestamp": "2025-05-30T04:01:44.698510Z"}, {"uuid": "f5ae27f2-dd56-49ee-92a4-8488fa11aa2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-36845", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"}]}