Skip to main content
CVE-2020-10540 HIGH This Week

Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webuntis
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-5240 HIGH PATCH This Week

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub
CVSS 3.1
8.5
EPSS
0.8%
CVE-2020-5257 HIGH PATCH This Week

In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Nosql Injection SQLi Administrate
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-10088 HIGH This Week

GitLab 12.5 through 12.8.1 has Insecure Permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-10073 HIGH This Week

GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10089 HIGH This Week

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10087 HIGH This Week

GitLab before 12.8.2 allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8571 HIGH This Week

StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Storagegrid
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10562 HIGH PATCH This Week

An issue was discovered in DEVOME GRR before 3.4.1c. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Grr
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy