Skip to main content
CVE-2020-6756 CRITICAL POC THREAT Act Now

languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Pixelstor 5000 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.6%
CVE-2020-6757 HIGH POC This Week

contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Pixelstor 5000 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-5504 HIGH POC PATCH THREAT This Week

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Suse Linux Enterprise Server Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
38.8%
CVE-2020-6167 HIGH POC This Week

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Minimal Coming Soon Maintenance Mode
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-6628 HIGH POC This Week

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libming
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6168 HIGH POC This Week

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Minimal Coming Soon Maintenance Mode
NVD
CVSS 3.1
7.6
EPSS
2.0%
CVE-2020-6625 HIGH POC This Week

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jhead
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-6624 HIGH POC This Week

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jhead
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-6629 MEDIUM POC This Month

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-6758 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixelstor 5000 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5308 MEDIUM POC This Month

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dairy Farm Shop Management System
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-6750 MEDIUM POC This Month

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Glib Fedora
NVD
CVSS 3.1
5.9
EPSS
2.2%
CVE-2020-6631 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-6630 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-6166 MEDIUM POC This Month

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Minimal Coming Soon Maintenance Mode
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-1925 HIGH PATCH This Week

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Olingo
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-1787 MEDIUM This Month

HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2020-6632 MEDIUM PATCH This Month

In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5205 MEDIUM PATCH This Month

In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Redis Session Fixation Information Disclosure Pow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-1810 MEDIUM This Month

There is a weak algorithm vulnerability in some Huawei products. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Microsoft Information Disclosure Cloudengine 12800 Firmware S5700 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-1786 MEDIUM This Month

HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Pro Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-1826 MEDIUM This Month

Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor Magic2 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy