Skip to main content
CVE-2020-10567 CRITICAL POC THREAT Act Now

An issue was discovered in Responsive Filemanager through 9.14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Responsive Filemanager
NVD GitHub
CVSS 3.1
9.8
EPSS
19.3%
CVE-2020-10568 HIGH POC This Week

The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE CSRF PHP Sitepress Multilingual Cms
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-10587 HIGH POC This Week

antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antix Linux Mx Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10578 HIGH POC This Week

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Qcms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10574 CRITICAL PATCH Act Now

An issue was discovered in Janus through 0.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Janus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10571 CRITICAL PATCH Act Now

An issue was discovered in psd-tools before 1.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Psd Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-10566 HIGH This Week

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10565 HIGH This Week

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10573 HIGH PATCH This Week

An issue was discovered in Janus through 0.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10576 MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Janus
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-10577 MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Janus
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-10575 MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Janus
NVD GitHub
CVSS 3.1
4.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy