Skip to main content
CVE-2020-5245 HIGH POC PATCH This Week

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java RCE Dropwizard Validation Blockchain Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-5187 HIGH POC PATCH This Week

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dotnetnuke
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-9381 HIGH POC PATCH This Week

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Authentication Bypass Total Js Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-9365 HIGH POC PATCH This Week

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Pure Ftpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
7.1%
CVE-2020-8131 HIGH POC PATCH This Week

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Path Traversal Yarn
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-1937 HIGH PATCH This Week

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Kylin
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-9363 HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix Endpoint Protection Intercept X Endpoint +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-9362 HIGH This Week

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Antivirus For Server Antivirus Pro Home Security +3
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-9369 HIGH PATCH This Week

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sympa Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-5244 HIGH PATCH This Week

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Buddypress
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy