Skip to main content
CVE-2020-8134 HIGH POC PATCH This Week

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ghost
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-10682 HIGH POC This Week

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Cms Made Simple
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-8136 HIGH POC PATCH This Week

Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastify Multipart
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-9425 HIGH POC PATCH THREAT This Week

An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Rconfig
NVD GitHub
CVSS 3.1
7.5
EPSS
16.7%
CVE-2020-8882 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-8881 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-8880 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-8878 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-1864 HIGH This Week

Some Huawei products have a security vulnerability due to improper authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Authentication Bypass Secospace Antiddos8000 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-1709 HIGH This Week

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openshift
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10792 HIGH PATCH This Week

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Openitcockpit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-10597 HIGH This Week

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Delta Industrial Automation Dopsoft
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-1707 HIGH This Week

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation PostgreSQL Openshift
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy