Skip to main content
CVE-2020-5510 CRITICAL POC Act Now

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hostel Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-6170 CRITICAL POC Act Now

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Platinum 4410 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.3%
CVE-2020-6623 HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6622 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6621 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6620 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6619 HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6618 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6617 HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6609 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-5511 HIGH POC This Week

PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Small Crm
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6614 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6613 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6612 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-5183 HIGH POC This Week

FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Null Pointer Dereference Denial Of Service Ftpgetter
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-6615 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6611 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6610 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-6583 MEDIUM POC This Month

BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Invoicing System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-0009 MEDIUM POC PATCH This Month

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Google Privilege Escalation Android Debian Linux
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-0002 HIGH PATCH This Week

In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption RCE Google +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-0001 HIGH This Week

In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Java Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0003 MEDIUM This Month

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2020-0006 MEDIUM PATCH This Month

In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6163 MEDIUM PATCH This Month

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-0007 MEDIUM This Month

In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0004 MEDIUM PATCH This Month

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0008 MEDIUM PATCH This Month

In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy