Skip to main content
CVE-2020-8424 HIGH POC This Week

Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cups Easy
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-8417 HIGH POC THREAT This Week

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Code Snippets
NVD
CVSS 3.1
8.8
EPSS
11.9%
CVE-2020-8112 HIGH POC This Week

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Openjpeg Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-5227 HIGH POC PATCH This Week

Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Feedgen
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-5215 HIGH POC PATCH This Week

In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-7799 HIGH POC THREAT This Week

An issue was discovered in FusionAuth before 1.11.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Fusionauth
NVD
CVSS 3.1
7.2
EPSS
19.8%
CVE-2020-8425 MEDIUM POC This Month

Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cups Easy Purchase Inventory
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-7997 MEDIUM POC This Month

ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt Ac66U Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5211 CRITICAL Act Now

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-4207 CRITICAL Act Now

IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE IBM Iot Messagesight +1
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-5214 CRITICAL Act Now

In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-5213 CRITICAL Act Now

In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-5212 CRITICAL Act Now

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8086 CRITICAL Act Now

The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mod Auth Ldap Mod Auth Ldap2 Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-8426 MEDIUM POC This Month

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Website Builder
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-7934 MEDIUM POC PATCH This Month

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liferay Portal
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
4.5%
CVE-2020-8420 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-8419 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-7998 HIGH This Week

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Super File Explorer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-5210 HIGH PATCH This Week

In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-5209 HIGH PATCH This Week

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Privilege Escalation Nethack
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-1940 HIGH PATCH This Week

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Jackrabbit Oak
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-5523 HIGH This Week

Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure 77 Bank Ashigin Dogin +6
NVD
CVSS 3.1
7.4
EPSS
1.2%
CVE-2020-1932 MEDIUM PATCH This Month

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-8421 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-1933 MEDIUM PATCH This Month

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Mozilla Nifi
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-8315 MEDIUM PATCH This Month

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Microsoft Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-0549 MEDIUM This Month

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Linux Fedora Leap Debian Linux Core I5 9400F Firmware +425
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-0548 MEDIUM This Month

Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 8700B Firmware Core I7 8569U Firmware Core I7 8650U Firmware +421
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-1928 MEDIUM PATCH This Month

An information disclosure vulnerability was found in Apache NiFi 1.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Nifi
NVD
CVSS 3.1
5.3
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy