Weekly Update: New diabetes clinical trial (17 items)

New diabetes clinical trial: Chronic Passive Heating in Individuals With T2DM Published on: April 26, 2021 at 07:00PM Condition:   Type2 Diabetes Intervention:   Procedure: Passive heating Sponsors:   University of Portsmouth;   Portsmouth Hospitals NHS Trust Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04858321?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: Glycemic Observation and Metabolic Outcomes in Mothers and Offspring Published on: April 26, 2021 at 07:00PM Conditions:   Gestational Diabetes;   Pregnancy Related Intervention:   Other: Observational Sponsors:   Northwestern University;   National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK);   Yale University;   Women and Infants Hospital of Rhode Island;   University of Pittsburgh;   Massachusetts General Hospital;   Tufts Medical Center;   Columbia University;   Kaiser Permanente Recruiting https://clinicaltrials.gov/ct2/show/NCT04860336?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: The SUPPORT-Pro Online Platform for Healthcare Professionals Treating Individuals Living With T1D Published on: April 26, 2021 at 07:00PM Condition:   Educational Activities Intervention:   Behavioral: Intervention Sponsors:   McGill University;   Institut de Recherches Cliniques de Montreal Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04859205?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: Effects of Antenatal Exercises on Clinical Outcomes in Pregnant Females With Gestational Diabetes Mellitus Published on: April 26, 2021 at 07:00PM Condition:   Gestational Diabetes Interventions:   Other: routine physical therapy;   Other: routine physical therapy and antenatal exercises Sponsor:   University of Lahore Completed https://clinicaltrials.gov/ct2/show/NCT04859348?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: Effects of a Lifestyle Intervention on Gestational Diabetes Management Published on: April 27, 2021 at 07:00PM Conditions:   Gestational Diabetes;   Obesity;   Nutritional and Metabolic Disease Intervention:   Behavioral: Dietary Intervention Sponsor:   University of Nevada, Las Vegas Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04861324?term=diabetes&sfpd_d=14 April 27, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: SMOKING INTERVENTION AMONG PATIENTS WITH DIABETES Published on: April 28, 2021 at 07:00PM Conditions:   Smoking Cessation;   Diabete Mellitus Intervention:   Behavioral: Brief smoking cessation advise Sponsor:   Kansaa A.Ibrahim Completed https://clinicaltrials.gov/ct2/show/NCT04864327?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: Change of Lifestyle in Elderly Patients With Type 2 Diabetes and Systemic Arterial Hypertension Published on: April 28, 2021 at 07:00PM Conditions:   Diabetes;   Hypertension Interventions:   Behavioral: DASH;   Behavioral: DASHPED Sponsors:   Hospital de Clinicas de Porto Alegre;   Federal University of Health Science of Porto Alegre Completed https://clinicaltrials.gov/ct2/show/NCT04863755?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: Incidence of Hypoglycemia in Pregnant Ladies With or Without Gestational Diabetes Fasting Ramadan Published on: April 28, 2021 at 07:00PM Condition:   Pregnancy in Diabetic Intervention:   Device: Continuous glucose monitoring Sponsor:   King Abdullah International Medical Research Center Recruiting https://clinicaltrials.gov/ct2/show/NCT04862390?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: A Research Study Looking at How Oral Semaglutide Works in People With Type 2 Diabetes in the United Kingdom, as Part of Local Clinical Practice Published on: April 28, 2021 at 07:00PM Condition:   Diabetes Mellitus, Type 2 Intervention:   Drug: Oral semaglutide Sponsor:   Novo Nordisk A/S Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04862923?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM via ClinicalTrials.gov New diabetes clinical trial: A Research Study to Find Out How Semaglutide Works in the Kidneys Compared to Placebo, in People With Type 2 Diabetes and Chronic Kidney Disease (the REMODEL Trial) Published on: April 29, 2021 at 07:00PM Conditions:   Diabetes Mellitus, Type 2;   Chronic Kidney Disease Interventions:   Drug: Semaglutide;   Drug: Placebo (Semaglutide) Sponsor:   Novo Nordisk A/S Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04865770?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM via ClinicalTrials.gov New diabetes clinical trial: Use of Ozonized Water With Toothpaste and Mousse in Non Surgical Periodontal Therapy for Patients With Diabetes Mellitus Type 1: a Randomized Clinical Trial. Published on: April 29, 2021 at 07:00PM Condition:   Diabetes Mellitus With Periodontal Disease Interventions:   Other: Peribioma Toothpaste and Mousse;   Other: Standard toothpaste Sponsor:   University of Pavia Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04865809?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM via ClinicalTrials.gov New diabetes clinical trial: Comparison of Manual Skills, Visual-Motor Integration and Participation of Children With and Without Type 1 Diabetes Published on: April 29, 2021 at 07:00PM Conditions:   Type 1 Diabetes;   Hand Skills;   Visual Motor Integration;   Participation Interventions:   Behavioral: Beery- Buktenica Developmental Test of Visual Motor Integration;   Behavioral: Jebsen Taylor Hand Function Test;   Diagnostic Test: Participation and Environment Measure - Children and Youth Sponsor:   Istanbul Medipol University Hospital Active, not recruiting https://clinicaltrials.gov/ct2/show/NCT04866212?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM via ClinicalTrials.gov New diabetes clinical trial: A Study of A Novel Approach to Titrate Basal Insulin (LY2963016) in Participants With Type 2 Diabetes Published on: April 29, 2021 at 07:00PM Conditions:   Type 2 Diabetes;   Type 2 Diabetes Treated With Insulin Intervention:   Drug: Basal Insulin Sponsor:   Eli Lilly and Company Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04864977?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM via ClinicalTrials.gov New diabetes clinical trial: A Transition of Care Model From Hospital to Community for Hispanic/Latino Adult Patients With Diabetes. Published on: April 29, 2021 at 07:00PM Condition:   Diabetes Mellitus Intervention:   Other: Transition of Care Model Sponsors:   Duke University;   National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK) Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04864639?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM via ClinicalTrials.gov New diabetes clinical trial: Role of Neuraminidase Activity on Endothelial Dysfunction in Type 2 Diabetes Published on: April 30, 2021 at 07:00PM Condition:   Diabetes Mellitus, Type 2 Intervention:   Drug: Zanamivir Sponsor:   University of Missouri-Columbia Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04867707?term=diabetes&sfpd_d=14 April 30, 2021 at 02:24PM via ClinicalTrials.gov New diabetes clinical trial: Observational Study of ASCVD Risks of Type 2 Diabetes in East China Published on: April 30, 2021 at 07:00PM Conditions:   Type 2 Diabetes Mellitus;   Arteriosclerotic Cardiovascular Disease;   Liraglutide Intervention:   Sponsors:   Zhejiang Provincial People's Hospital;   Zhejiang Provence Preventive Medicine Association;   Ningbo Medical Center Lihuili Hospital;   Affiliated Cixi Hospital of Wenzhou Medical University;   Putuo People's Hospital;   The Second People's Hospital of Yuhuan;   Wenling People's Hospital;   ShuGuang Hospital;   The First People's Hospital of Jiaxing;   Nanxun People's Hospital;   First People's Hospital Affiliated to Huzhou University;   Lishui Hospital of TCM;   Hangzhou hospital of Chinese Traditional Medicine;   Zhejiang Greentown Cardiovascular Hospital;   Red Cross Hospital of Hangzhou;   The Second School of Medicine，WMU;   The First People's Hospital of Xiaoshan;   Zhejiang Xiaoshan hospital;   Yiwu Central Hospital;   Quzhou Hospital;   Jinhua Hospital of TCM;   Shaoxing Central Hospital;   Shaoxinig Second Hospital;   Huamei hospital, University of Chinese Academy of Sciences Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04866667?term=diabetes&sfpd_d=14 April 30, 2021 at 02:24PM via ClinicalTrials.gov New diabetes clinical trial: A Study of LY3437943 in Participants With Type 2 Diabetes Published on: April 30, 2021 at 07:00PM Condition:   Type 2 Diabetes Interventions:   Drug: LY3437943;   Drug: Dulaglutide;   Drug: Placebo Sponsor:   Eli Lilly and Company Not yet recruiting https://clinicaltrials.gov/ct2/show/NCT04867785?term=diabetes&sfpd_d=14 April 30, 2021 at 02:24PM via ClinicalTrials.gov

Weekly Update: a new vulnerability is published on the National Vulnerability Database (42 items)

New vulnerabilities from the NVD: CVE-2020-15078 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. Published at: April 26, 2021 at 05:15PM View on website April 26, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-17517 The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release. Improper Authorization vulnerability in __COMPONENT__ of Apache Ozone allows an attacker to __IMPACT__. This issue affects Apache Ozone Apache Ozone version 1.0.0 and prior versions. Published at: April 27, 2021 at 12:15PM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25042 Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25041 Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25040 Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25039 Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25038 Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25037 Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25036 Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25035 Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25034 Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25033 Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25032 Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25031 Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. Published at: April 27, 2021 at 09:15AM View on website April 27, 2021 at 01:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-35542 Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack. Published at: April 27, 2021 at 02:15PM View on website April 27, 2021 at 03:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-22001 HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution. Published at: April 27, 2021 at 09:15PM View on website April 27, 2021 at 11:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-22000 HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function. Published at: April 27, 2021 at 09:15PM View on website April 27, 2021 at 11:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21998 In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. Published at: April 27, 2021 at 09:15PM View on website April 27, 2021 at 11:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21989 HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Published at: April 27, 2021 at 09:15PM View on website April 27, 2021 at 11:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21987 HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. Published at: April 27, 2021 at 09:15PM View on website April 27, 2021 at 11:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-36326 PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. Published at: April 28, 2021 at 06:15AM View on website April 28, 2021 at 08:36AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21996 AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. Published at: April 28, 2021 at 06:15PM View on website April 28, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21994 AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. Published at: April 28, 2021 at 06:15PM View on website April 28, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21993 In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. Published at: April 28, 2021 at 06:15PM View on website April 28, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21991 AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials. Published at: April 28, 2021 at 05:15PM View on website April 28, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18020 SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component. Published at: April 28, 2021 at 05:15PM View on website April 28, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18019 SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component. Published at: April 28, 2021 at 05:15PM View on website April 28, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18022 Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component. Published at: April 28, 2021 at 07:15PM View on website April 28, 2021 at 09:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-17999 Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php". Published at: April 28, 2021 at 07:15PM View on website April 28, 2021 at 09:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21997 Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control. Published at: April 29, 2021 at 06:15PM View on website April 29, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21995 Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. Published at: April 29, 2021 at 06:15PM View on website April 29, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21992 Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place. Published at: April 29, 2021 at 06:15PM View on website April 29, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21990 Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information. Published at: April 29, 2021 at 05:15PM View on website April 29, 2021 at 07:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21452 An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload Published at: April 29, 2021 at 08:15PM View on website April 29, 2021 at 09:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21101 Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code. Published at: April 29, 2021 at 08:15PM View on website April 29, 2021 at 09:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18032 Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. Published at: April 29, 2021 at 09:15PM View on website April 29, 2021 at 11:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-15225 django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. Published at: April 30, 2021 at 12:15AM View on website April 30, 2021 at 01:37AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18035 Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". Published at: April 30, 2021 at 02:15AM View on website April 30, 2021 at 03:36AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18070 Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". Published at: April 30, 2021 at 03:15AM View on website April 30, 2021 at 08:36AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-1721 A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. Published at: April 30, 2021 at 03:15PM View on website April 30, 2021 at 05:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-15153 Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch. Published at: April 30, 2021 at 07:15PM View on website April 30, 2021 at 09:36PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18084 Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in. Published at: May 01, 2021 at 12:15AM View on website May 01, 2021 at 01:36AM via National Vulnerability Database