Skip to main content
CVE-2020-9380 CRITICAL POC Act Now

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Web Tv Player
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-10106 CRITICAL POC Act Now

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Daily Expense Tracker System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-9402 HIGH POC PATCH THREAT This Week

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Python SQLi Oracle Django Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
22.5%
CVE-2020-10173 HIGH POC THREAT This Week

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vr 3033 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
76.8%
CVE-2020-10185 HIGH POC This Week

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yubikey One Time Password Validation Server
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-10184 HIGH POC This Week

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Yubikey One Time Password Validation Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-9544 HIGH POC This Week

An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-8994 MEDIUM POC This Month

An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mdz 25 Dt Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-5405 MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Cloud Config
NVD
CVSS 3.1
6.5
EPSS
68.8%
CVE-2020-10180 CRITICAL Act Now

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Eset Authentication Bypass Apple Cyber Security +4
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-4083 MEDIUM POC This Month

HCL Connections 6.5 is vulnerable to possible information leakage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4082 MEDIUM POC This Month

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10107 MEDIUM POC This Month

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Daily Expense Tracker System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-9370 CRITICAL Act Now

HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Hga12R 02 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2020-6971 HIGH This Week

In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Valvelink
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5957 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Quadro Firmware Geforce Experience +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-9418 HIGH This Week

An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdfescape
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4278 HIGH PATCH This Week

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation IBM Platform Lsf Spectrum Computing For High Performance Analytics Spectrum Lsf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6986 HIGH This Week

In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Plc Cj1 Firmware Plc Cj2 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-10101 HIGH PATCH This Week

An issue was discovered in Zammad 3.0 through 3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10096 HIGH PATCH This Week

An issue was discovered in Zammad 3.0 through 3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10174 HIGH PATCH This Week

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. Rated high severity (CVSS 7.0).

Information Disclosure Timeshift Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-10100 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zammad
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-5250 MEDIUM PATCH This Month

In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2020-10103 MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-10099 MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-10098 MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-10105 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10102 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-10097 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10104 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy