Skip to main content
CVE-2020-8794 CRITICAL POC PATCH THREAT Act Now

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Information Disclosure Opensmtpd Ubuntu Linux +2
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
88.9%
CVE-2020-8810 HIGH POC This Week

An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Path Traversal Device Language Message Specification Director
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2020-8809 HIGH POC This Week

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Device Language Message Specification Director
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-8819 HIGH POC PATCH This Week

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Cardgate Payments
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
4.9%
CVE-2020-8818 HIGH POC PATCH This Week

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe Authentication Bypass PHP Cardgate Payments Magento
NVD GitHub
CVSS 3.1
8.1
EPSS
4.2%
CVE-2020-9017 HIGH POC This Week

LiteCart through 2.2.1 allows CSV injection via a customer's profile. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Litecart
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2020-9385 HIGH POC This Week

A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Zint
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-9019 MEDIUM POC This Month

The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpjobboard
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-9398 CRITICAL Act Now

ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ispconfig
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-9391 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9008 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blackboard Learn
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-9018 MEDIUM POC This Month

LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Litecart
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-9394 HIGH This Week

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Pricing Table By Supsystic
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-8793 MEDIUM POC This Month

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Opensmtpd Fedora Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
4.7
EPSS
0.9%
CVE-2020-9383 HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.16 through 5.5.6. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +10
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-9379 MEDIUM This Month

The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Micontact Center Business
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-9393 MEDIUM This Month

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Pricing Table By Supsystic
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-9334 MEDIUM This Month

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Envira Gallery
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-9335 MEDIUM This Month

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Photo Gallery
NVD
CVSS 3.1
4.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy