Skip to main content
CVE-2020-10564 CRITICAL POC Act Now

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE Path Traversal Wordpress File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2020-10218 MEDIUM POC PATCH This Month

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Sentrifugo
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-10195 MEDIUM POC This Month

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Privilege Escalation Information Disclosure Popup Builder
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-10196 MEDIUM POC This Month

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Popup Builder
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-1953 CRITICAL PATCH Act Now

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Commons Configuration Database Server Healthcare Foundation
NVD
CVSS 3.1
10.0
EPSS
6.7%
CVE-2020-10563 CRITICAL PATCH Act Now

An issue was discovered in DEVOME GRR before 3.4.1c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Grr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-10077 CRITICAL Act Now

GitLab EE 3.0 through 12.8.1 allows SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10074 CRITICAL Act Now

GitLab 10.1 through 12.8.1 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10541 CRITICAL Act Now

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho RCE Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2020-10083 CRITICAL Act Now

GitLab 12.7 through 12.8.1 has Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-1887 CRITICAL PATCH Act Now

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Osquery
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-10540 HIGH This Week

Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webuntis
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-5240 HIGH PATCH This Week

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub
CVSS 3.1
8.5
EPSS
0.8%
CVE-2020-5257 HIGH PATCH This Week

In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Nosql Injection SQLi Administrate
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-10088 HIGH This Week

GitLab 12.5 through 12.8.1 has Insecure Permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-10073 HIGH This Week

GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10089 HIGH This Week

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10087 HIGH This Week

GitLab before 12.8.2 allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8571 HIGH This Week

StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Storagegrid
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10562 HIGH PATCH This Week

An issue was discovered in DEVOME GRR before 3.4.1c. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Grr
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-10081 MEDIUM This Month

GitLab before 12.8.2 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-10076 MEDIUM This Month

GitLab 12.1 through 12.8.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10075 MEDIUM This Month

GitLab 12.5 through 12.8.1 allows HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10092 MEDIUM This Month

GitLab 12.1 through 12.8.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab Grafana
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10091 MEDIUM This Month

GitLab 9.3 through 12.8.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10078 MEDIUM This Month

GitLab 12.1 through 12.8.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10544 MEDIUM PATCH This Month

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Primefaces
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10090 MEDIUM This Month

GitLab 11.7 through 12.8.1 allows Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10086 MEDIUM This Month

GitLab 10.4 through 12.8.1 allows Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-10085 MEDIUM This Month

GitLab 12.3.5 through 12.8.1 allows Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10084 MEDIUM This Month

GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10082 MEDIUM This Month

GitLab 12.2 through 12.8.1 allows Denial of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-10080 MEDIUM This Month

GitLab 8.3 through 12.8.1 allows Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10079 MEDIUM This Month

GitLab 7.10 through 12.8.1 has Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy