Skip to main content
CVE-2020-5221 HIGH POC PATCH This Week

In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Uftpd
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-7109 CRITICAL Act Now

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Website Builder
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-6960 CRITICAL Act Now

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Maxpro Nvr Xe Firmware Maxpro Nvr Se Firmware Maxpro Nvr Pe Firmware Mpnvrswxx Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-6959 CRITICAL Act Now

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Maxpro Nvr Xe Firmware Maxpro Nvr Se Firmware Maxpro Nvr Pe Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7915 MEDIUM POC This Month

An issue was discovered on Eaton 5P 850 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 5P 850 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-7228 MEDIUM This Month

The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Calculated Fields Form
NVD
CVSS 3.1
5.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy