Skip to main content
CVE-2020-8088 CRITICAL POC Act Now

panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Usebb
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8087 CRITICAL POC Act Now

SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D3G0804W Firmware
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-8001 CRITICAL POC Act Now

The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Aptus
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-8000 CRITICAL POC Act Now

Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aptus Web
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-7999 CRITICAL POC Act Now

The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Aptus
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-7952 HIGH POC This Week

rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Dota 2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-7951 HIGH POC This Week

meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Dota 2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-7950 HIGH POC This Week

meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Dota 2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-7949 HIGH POC This Week

schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Dota 2
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
4.2%
CVE-2020-7238 HIGH POC PATCH This Week

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Netty Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-8009 HIGH POC This Week

AVB MOTU devices through 2020-01-22 allow /.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Avb Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8091 MEDIUM POC PATCH This Month

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typo3
NVD
CVSS 3.1
6.1
EPSS
5.2%
CVE-2020-8090 MEDIUM POC This Month

The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wlan Box Adb Vv2220 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-5207 HIGH PATCH This Week

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Ktor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-5522 HIGH This Week

The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Easy Netprint
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-5521 HIGH This Week

The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Easy Netprint
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-5520 HIGH This Week

The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Netprint
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-8003 MEDIUM PATCH This Month

A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Virglrenderer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8002 MEDIUM PATCH This Month

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Virglrenderer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5220 MEDIUM PATCH This Month

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Syliusresourcebundle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-5218 MEDIUM PATCH This Month

Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Sylius
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy