Skip to main content
CVE-2020-8641 HIGH POC THREAT This Week

Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Lotus Core Cms
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
10.8%
CVE-2020-5237 HIGH POC PATCH This Week

Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal RCE PHP Oneupuploaderbundle
NVD GitHub
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-3119 HIGH This Week

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption RCE Nx Os +1
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2020-3118 HIGH KEV THREAT This Week

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Apple Ios Xr
NVD
CVSS 3.1
8.8
EPSS
11.7%
CVE-2020-3111 HIGH This Week

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ip Conference Phone 7832 Firmware Ip Conference Phone 7832 With Multiplatform Firmware Ip Conference Phone 8832 Firmware +30
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-3110 HIGH This Week

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service RCE Video Surveillance 8400 Ip Camera Firmware Video Surveillance 8030 Ip Camera Firmware +6
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2020-5208 HIGH PATCH This Week

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Ipmitool Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-3123 HIGH This Week

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Clamav Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-6833 HIGH This Week

An issue was discovered in GitLab EE 11.3 and later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8507 HIGH This Week

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Citytv Video
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7978 HIGH This Week

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7972 HIGH This Week

GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-7969 HIGH This Week

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7968 HIGH This Week

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7966 HIGH This Week

GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-7216 HIGH This Week

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wicked Leap
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy