Skip to main content
CVE-2020-9341 HIGH POC This Week

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Candidats
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-8813 HIGH POC THREAT This Week

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Cacti Fedora Open Audit +2
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
73.8%
CVE-2020-9340 HIGH POC This Week

fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fauzantrif Election
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-8862 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 2610 Firmware
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2020-8861 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dap 1330 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2020-8860 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Stack Overflow RCE Android
NVD
CVSS 3.1
8.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy