Skip to main content
CVE-2020-10189 CRITICAL POC KEV THREAT Emergency

Zoho ManageEngine Desktop Central before 10.0.474 allows unauthenticated remote code execution through Java deserialization in the FileStorage class, exploited by Chinese APT groups for enterprise network compromise.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.2%
Threat
9.8
CVE-2020-9458 HIGH POC This Week

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-9457 HIGH POC This Week

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Authentication Bypass PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-9456 HIGH POC This Week

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-9454 HIGH POC This Week

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-9756 HIGH POC This Week

Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Viper Rgb Firmware
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10111 HIGH POC This Week

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Citrix Information Disclosure Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-5328 CRITICAL Act Now

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Isilon Onefs
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-5327 CRITICAL PATCH Act Now

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Deserialization Dell RCE +1
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-8113 CRITICAL Act Now

GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10188 CRITICAL PATCH Act Now

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Netkit Telnet Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
9.8
EPSS
74.5%
CVE-2020-10112 MEDIUM POC This Month

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Citrix Information Disclosure Gateway Firmware
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-10110 MEDIUM POC This Month

Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Gateway Firmware
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2020-9455 MEDIUM POC This Month

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Registrationmagic
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-7212 HIGH PATCH This Week

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Urllib3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-10193 HIGH This Week

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Eset Authentication Bypass Apple Cyber Security +5
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-9531 HIGH This Week

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Miui Firmware
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2020-9530 MEDIUM This Month

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Code Injection Miui Firmware
NVD
CVSS 3.1
6.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy