Skip to main content
CVE-2020-9458 HIGH POC This Week

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-9457 HIGH POC This Week

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Authentication Bypass PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-9456 HIGH POC This Week

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-9454 HIGH POC This Week

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-9756 HIGH POC This Week

Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Viper Rgb Firmware
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10111 HIGH POC This Week

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Citrix Information Disclosure Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-7212 HIGH PATCH This Week

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Urllib3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-10193 HIGH This Week

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Eset Authentication Bypass Apple Cyber Security +5
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-9531 HIGH This Week

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Miui Firmware
NVD
CVSS 3.1
7.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy