Skip to main content
CVE-2020-6948 CRITICAL POC PATCH Act Now

A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Hashbrown Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-6949 HIGH POC This Week

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hashbrown Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-6860 HIGH POC This Week

libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libmysofa Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6851 HIGH POC PATCH This Week

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Openjpeg Fedora Debian Linux +9
NVD GitHub
CVSS 3.1
7.5
EPSS
4.9%
CVE-2020-6954 MEDIUM POC This Month

An issue was discovered on Cayin SMP-PRO4 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smp Pro4 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-6955 MEDIUM POC This Month

An issue was discovered on Cayin SMP-PRO4 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smp Pro4 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6848 MEDIUM POC This Month

Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vision Ii Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5390 HIGH PATCH This Week

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jwt Attack Pysaml2 Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-5195 MEDIUM This Month

Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ftp Server
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-6832 MEDIUM This Month

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-6859 MEDIUM PATCH This Month

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass PHP Ultimate Member
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2020-5197 MEDIUM This Month

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy