Skip to main content
CVE-2020-8440 CRITICAL POC Act Now

controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Simplejobscript
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-8505 MEDIUM POC This Month

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP School Management Software Php Mysql
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-8504 MEDIUM POC This Month

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP School Management Software Php Mysql
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-7956 CRITICAL PATCH Act Now

HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Nomad
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-5232 HIGH PATCH This Week

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ethereum Name Service
NVD GitHub
CVSS 3.1
8.7
EPSS
1.2%
CVE-2020-7914 HIGH This Week

In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-7219 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service HashiCorp Consul
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-7218 HIGH PATCH This Week

HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Nomad
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8503 MEDIUM This Month

Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Secure File Transfer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5234 MEDIUM PATCH This Month

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Stack Overflow Messagepack
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-5526 MEDIUM This Month

The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Apple Apeosware Management Suite
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-7955 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Information Disclosure HashiCorp Consul
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-8422 MEDIUM This Month

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy