{"vulnerability": "cve-2020-3648", "sightings": [{"uuid": "d88b1428-616e-4029-9045-16dfd96a80c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36485", "type": "seen", "source": "https://t.me/cibsecurity/31060", "content": "\u203c CVE-2020-36485 \u203c\n\nPortable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-23T00:39:28.000000Z"}, {"uuid": "13976a13-a95c-4fc4-bb44-d3a13fcee1d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36489", "type": "seen", "source": "https://t.me/cibsecurity/31073", "content": "\u203c CVE-2020-36489 \u203c\n\nDropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-23T00:39:44.000000Z"}]}