Skip to main content
CVE-2020-10564 CRITICAL POC Act Now

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE Path Traversal Wordpress File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2020-1953 CRITICAL PATCH Act Now

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Commons Configuration Database Server Healthcare Foundation
NVD
CVSS 3.1
10.0
EPSS
6.7%
CVE-2020-10563 CRITICAL PATCH Act Now

An issue was discovered in DEVOME GRR before 3.4.1c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Grr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-10077 CRITICAL Act Now

GitLab EE 3.0 through 12.8.1 allows SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10074 CRITICAL Act Now

GitLab 10.1 through 12.8.1 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10541 CRITICAL Act Now

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho RCE Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2020-10083 CRITICAL Act Now

GitLab 12.7 through 12.8.1 has Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-1887 CRITICAL PATCH Act Now

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Osquery
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy