Skip to main content
CVE-2020-8125 CRITICAL POC PATCH Act Now

Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Denial Of Service Klona
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-6058 CRITICAL POC Act Now

An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Minisnmpd
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-6059 HIGH POC This Week

An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Integer Overflow Minisnmpd
NVD
CVSS 3.1
8.2
EPSS
2.6%
CVE-2020-8121 HIGH POC This Week

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-7221 HIGH POC This Week

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Oracle MariaDB
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-6060 HIGH POC This Week

A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Minisnmpd
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8116 HIGH POC PATCH This Week

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Dot Prop
NVD GitHub
CVSS 3.1
7.3
EPSS
3.1%
CVE-2020-8615 MEDIUM POC This Month

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Tutor Lms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
8.8%
CVE-2020-8120 MEDIUM POC This Month

A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8115 MEDIUM POC This Month

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Revive Adserver
NVD
CVSS 3.1
6.1
EPSS
7.1%
CVE-2020-5235 CRITICAL PATCH Act Now

There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Nanopb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-8124 MEDIUM POC PATCH This Month

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Url Parse
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-8118 MEDIUM POC This Month

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud SSRF Nextcloud Server Backports Sle Suse Linux Enterprise Server
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2020-8123 MEDIUM POC PATCH This Month

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Strapi
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-8122 MEDIUM POC This Month

A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-8517 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Leap Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-8449 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Squid Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
8.3%
CVE-2020-3938 HIGH This Week

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Syuan Gu Da Shin
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3937 HIGH This Week

SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Syuan Gu Da Shin
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-8450 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Squid Ubuntu Linux Leap Fedora +1
NVD
CVSS 3.1
7.3
EPSS
71.8%
CVE-2020-4163 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-5236 MEDIUM PATCH This Month

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Waitress
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-3939 MEDIUM This Month

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Syuan Gu Da Shin
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8119 MEDIUM This Month

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-8117 MEDIUM This Month

Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy