Skip to main content
CVE-2020-7246 HIGH POC THREAT Act Now

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Qdpm
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
83.2%
CVE-2020-6849 HIGH POC This Week

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF PHP Marketo Forms And Tracking
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-6638 HIGH POC PATCH This Week

Grin through 2.1.1 has Insufficient Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Grin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7213 HIGH POC This Week

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Parallels
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7594 HIGH POC This Week

MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Conduit Mtcdt Lvw2 246A Firmware
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2020-7239 MEDIUM POC This Month

The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Chatbot With Ibm Watson
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-7229 CRITICAL Act Now

An issue was discovered in Simplejobscript.com SJS before 1.65. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Simplejobscript
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-5202 MEDIUM POC PATCH This Month

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apt Cacher Ng Debian Linux Backports Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-6857 MEDIUM POC This Month

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Carbonftp
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-7470 MEDIUM POC This Month

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Th10 Firmware Th16 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-7249 MEDIUM POC This Month

SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D3G0804 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-7040 HIGH PATCH This Week

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Storebackup Debian Linux Backports Sle Leap +1
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2020-7595 HIGH PATCH This Week

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libxml2 Fedora Ubuntu Linux Debian Linux +20
NVD
CVSS 3.1
7.5
EPSS
7.6%
CVE-2020-7211 HIGH PATCH This Week

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Libslirp Qemu
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-1840 MEDIUM This Month

HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2020-1788 MEDIUM This Month

Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Honor V30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy