Skip to main content
CVE-2020-8644 CRITICAL POC KEV THREAT Emergency

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Playsms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.7%
CVE-2020-6754 CRITICAL POC THREAT Act Now

dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dotcms
NVD GitHub
CVSS 3.1
9.8
EPSS
94.8%
CVE-2020-8641 HIGH POC THREAT This Week

Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Lotus Core Cms
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
10.8%
CVE-2020-5237 HIGH POC PATCH This Week

Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal RCE PHP Oneupuploaderbundle
NVD GitHub
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-6969 CRITICAL PATCH Act Now

It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure C More Ea9 Rhi Firmware C More Ea9 T6Cl R Firmware C More Ea9 T6Cl Firmware C More Ea9 T7Cl R Firmware +7
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-6174 CRITICAL PATCH Act Now

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure The Update Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-8114 CRITICAL Act Now

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8506 MEDIUM POC This Month

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Global Tv
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3119 HIGH This Week

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption RCE Nx Os +1
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2020-3118 HIGH KEV THREAT This Week

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Apple Ios Xr
NVD
CVSS 3.1
8.8
EPSS
11.7%
CVE-2020-3111 HIGH This Week

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ip Conference Phone 7832 Firmware Ip Conference Phone 7832 With Multiplatform Firmware Ip Conference Phone 8832 Firmware +30
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-3110 HIGH This Week

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service RCE Video Surveillance 8400 Ip Camera Firmware Video Surveillance 8030 Ip Camera Firmware +6
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2020-5208 HIGH PATCH This Week

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Ipmitool Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-3123 HIGH This Week

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Clamav Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-6833 HIGH This Week

An issue was discovered in GitLab EE 11.3 and later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8507 HIGH This Week

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Citytv Video
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7978 HIGH This Week

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7972 HIGH This Week

GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-7969 HIGH This Week

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7968 HIGH This Week

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7966 HIGH This Week

GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-7216 HIGH This Week

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wicked Leap
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-3120 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Cisco Integer Overflow Firepower Extensible Operating System +4
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-7973 MEDIUM This Month

GitLab through 12.7.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-7971 MEDIUM This Month

GitLab EE 11.0 and later through 12.7.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8632 MEDIUM PATCH This Month

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Brute Force Cloud Init Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8631 MEDIUM PATCH This Month

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cloud Init Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6854 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jobscheduler
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7977 MEDIUM This Month

GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-7976 MEDIUM This Month

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7974 MEDIUM This Month

GitLab EE 10.1 through 12.7.2 allows Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7979 MEDIUM This Month

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-3149 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-7967 MEDIUM This Month

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy