Skip to main content
CVE-2020-10817 HIGH POC This Week

The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Custom Searchable Data Entry System
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6095 HIGH POC PATCH This Week

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gst Rtsp Server Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-10607 HIGH This Week

In Advantech WebAccess, Versions 8.4.2 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-5863 HIGH This Week

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Controller Cloud Backup
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2020-5860 HIGH This Week

On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Big Iq Centralized Management Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-1773 HIGH This Week

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-3920 HIGH This Week

UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ultralog Express Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-10940 HIGH This Week

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Portico Server 1 Client Portico Server 16 Client Portico Server 4 Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10939 HIGH This Week

Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pc Worx Srt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5858 HIGH This Week

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Iq Centralized Management Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10954 HIGH This Week

GitLab through 12.9 is affected by a potential DoS in repository archive download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10953 HIGH This Week

In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Gitlab Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5862 HIGH This Week

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5861 HIGH This Week

On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5859 HIGH This Week

On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5857 HIGH This Week

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-1772 HIGH PATCH This Week

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Otrs Backports Sle Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10508 HIGH This Week

Sunnet eHRD, a human training and development management system, improperly stores system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ehrd
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3921 HIGH This Week

UltraLog Express device management software stores user’s information in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ultralog Express Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy