Skip to main content
CVE-2020-9039 CRITICAL POC Act Now

Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-9341 HIGH POC This Week

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Candidats
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-8813 HIGH POC THREAT This Week

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Cacti Fedora Open Audit +2
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
73.8%
CVE-2020-9340 HIGH POC This Week

fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fauzantrif Election
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-9339 MEDIUM POC This Month

SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Soplanning
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-9338 MEDIUM POC This Month

SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Soplanning
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-9336 MEDIUM POC This Month

fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fauzantrif Election
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-8862 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 2610 Firmware
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2020-8861 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 1330 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2020-8860 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Stack Overflow RCE Android
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2020-9342 MEDIUM This Month

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Protection For Salesforce Email And Server Security Internet Gatekeeper
NVD
CVSS 3.1
5.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy