Skip to main content
CVE-2020-7611 CRITICAL POC PATCH Act Now

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Code Injection Micronaut
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11105 CRITICAL POC Act Now

An issue was discovered in USC iLab cereal through 1.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cereal
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-5723 CRITICAL POC Act Now

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2020-5551 HIGH POC This Week

Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Display Control Unit
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-5726 HIGH POC This Week

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.2%
CVE-2020-5724 HIGH POC THREAT This Week

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD
CVSS 3.1
7.5
EPSS
11.9%
CVE-2020-11106 MEDIUM POC This Month

An issue was discovered in Responsive Filemanager through 9.14.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Responsive Filemanager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-5725 MEDIUM POC This Month

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-10560 MEDIUM POC This Month

An issue was discovered in Open Source Social Network (OSSN) through 5.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Open Source Social Network
NVD GitHub
CVSS 3.1
5.9
EPSS
3.8%
CVE-2020-10374 CRITICAL Act Now

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prtg Network Monitor
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-7610 CRITICAL PATCH Act Now

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Bson
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-11104 MEDIUM POC This Month

An issue was discovered in USC iLab cereal through 1.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cereal
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-5284 MEDIUM POC PATCH THREAT This Month

Next.js versions before 9.3.2 have a directory traversal vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Next Js
NVD GitHub
CVSS 3.1
4.3
EPSS
43.4%
CVE-2020-5275 HIGH PATCH This Week

In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Symfony
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-8509 HIGH This Week

Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.1
7.5
EPSS
10.4%
CVE-2020-5527 HIGH This Week

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cr800 Q Firmware Fx3G Firmware Fx3Gc Firmware Fx3S Firmware +42
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5289 MEDIUM PATCH This Month

In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Elide
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-7599 MEDIUM PATCH This Month

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plugin Publishing
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-9055 MEDIUM This Month

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Lynx Customer Service Portal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-5274 MEDIUM PATCH This Month

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Symfony
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-5255 MEDIUM PATCH This Month

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Symfony
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy