Skip to main content
CVE-2020-10808 HIGH POC PATCH THREAT Act Now

Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Vesta Control Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
77.3%
CVE-2020-10818 HIGH POC This Week

Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Artica Proxy
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2020-10806 CRITICAL PATCH Act Now

eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE PHP Ez Publish Kernel Ez Publish Legacy
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-10812 MEDIUM POC This Month

An issue was discovered in HDF5 through 1.12.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hdf5
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-10811 MEDIUM POC This Month

An issue was discovered in HDF5 through 1.12.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Hdf5
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-10810 MEDIUM POC This Month

An issue was discovered in HDF5 through 1.12.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hdf5
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-10809 MEDIUM POC This Month

An issue was discovered in HDF5 through 1.12.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Hdf5
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-10821 MEDIUM POC THREAT This Month

Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.1
4.8
EPSS
71.1%
CVE-2020-10820 MEDIUM POC THREAT This Month

Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
4.8
EPSS
27.4%
CVE-2020-10819 MEDIUM POC THREAT This Month

Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
4.8
EPSS
71.3%
CVE-2020-10802 HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Phpmyadmin Debian Linux Fedora +3
NVD
CVSS 3.1
8.0
EPSS
2.1%
CVE-2020-10804 HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Phpmyadmin Fedora Backports Sle +2
NVD
CVSS 3.1
8.0
EPSS
2.7%
CVE-2020-10803 MEDIUM PATCH This Month

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SQLi PHP Phpmyadmin Debian Linux +4
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-10807 MEDIUM PATCH This Month

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Caldera
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy