Skip to main content
CVE-2020-7995 CRITICAL POC Act Now

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-7991 HIGH POC This Week

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Framework
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-7984 HIGH POC PATCH This Week

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure N Central
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-7996 MEDIUM POC This Month

htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-7994 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-7990 MEDIUM POC This Month

Adive Framework 2.0.8 has admin/user/add userName XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Framework
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-7989 MEDIUM POC This Month

Adive Framework 2.0.8 has admin/user/add userUsername XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Framework
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-3115 HIGH This Week

A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Sd Wan Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-3142 HIGH This Week

A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass Google Information Disclosure +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3134 MEDIUM This Month

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-3131 MEDIUM This Month

A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Microsoft Webex Teams
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-3136 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Jabber Guest
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3121 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Sg250X 24 Firmware Sg250X 24P Firmware Sg250X 48 Firmware +42
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-3139 MEDIUM This Month

A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Policy Infrastructure Controller
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-3129 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy