Skip to main content
CVE-2020-7060 CRITICAL POC PATCH Act Now

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.1
EPSS
8.9%
CVE-2020-7059 CRITICAL POC PATCH Act Now

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.1
EPSS
7.1%
CVE-2020-8841 HIGH POC This Week

An issue was discovered in TestLink 1.9.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Testlink
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-8823 MEDIUM POC PATCH This Month

htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sockjs
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-8840 CRITICAL PATCH Act Now

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Jackson Databind Debian Linux Oncommand Api Services +5
NVD GitHub
CVSS 3.1
9.8
EPSS
26.6%
CVE-2020-8089 MEDIUM POC This Month

Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8825 MEDIUM POC This Month

index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vanilla
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-8822 MEDIUM POC This Month

Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Transport Wr21 Firmware Transport Wr44 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-1697 MEDIUM PATCH This Month

It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Keycloak Single Sign On
NVD
CVSS 3.1
5.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy