Skip to main content
CVE-2020-6757 HIGH POC This Week

contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Pixelstor 5000 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-5504 HIGH POC PATCH THREAT This Week

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Suse Linux Enterprise Server Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
38.8%
CVE-2020-6167 HIGH POC This Week

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Minimal Coming Soon Maintenance Mode
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-6628 HIGH POC This Week

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libming
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6168 HIGH POC This Week

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Minimal Coming Soon Maintenance Mode
NVD
CVSS 3.1
7.6
EPSS
2.0%
CVE-2020-6625 HIGH POC This Week

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jhead
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-6624 HIGH POC This Week

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jhead
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-1925 HIGH PATCH This Week

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Olingo
NVD
CVSS 3.1
7.5
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy