Skip to main content
CVE-2020-10568 HIGH POC This Week

The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE CSRF PHP Sitepress Multilingual Cms
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-10587 HIGH POC This Week

antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antix Linux Mx Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10578 HIGH POC This Week

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Qcms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10566 HIGH This Week

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10565 HIGH This Week

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10573 HIGH PATCH This Week

An issue was discovered in Janus through 0.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy