Skip to main content
CVE-2020-3950 HIGH POC KEV THREAT Act Now

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation VMware Fusion Horizon Client Remote Console
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
7.3%
CVE-2020-10121 CRITICAL Act Now

cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-10119 CRITICAL Act Now

cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-10380 CRITICAL Act Now

RMySQL through 0.10.19 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rmysql
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-10596 MEDIUM POC This Month

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencart
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.7%
CVE-2020-10118 CRITICAL Act Now

cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2020-10117 CRITICAL Act Now

cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2020-10120 HIGH This Week

cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-10115 HIGH This Week

cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-1720 MEDIUM PATCH This Month

A flaw was found in PostgreSQL's "ALTER ... Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PostgreSQL Authentication Bypass Decision Manager Software Collections Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-10122 MEDIUM This Month

cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-10114 MEDIUM This Month

cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-10113 MEDIUM This Month

cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6646 MEDIUM This Month

An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-10116 MEDIUM This Month

cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-3951 LOW Monitor

VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption VMware Horizon Client +1
NVD
CVSS 3.1
3.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy