Skip to main content
CVE-2020-8147 CRITICAL POC Act Now

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Denial Of Service Utils Extend
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-8638 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Testlink
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-8637 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Testlink
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-8639 HIGH POC PATCH THREAT This Week

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE PHP Testlink
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
15.9%
CVE-2020-11500 HIGH POC This Week

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-8142 MEDIUM POC This Month

A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Revive Adserver
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-10689 MEDIUM POC PATCH This Month

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Che
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-8143 MEDIUM POC THREAT This Month

An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Open Redirect PHP Revive Adserver
NVD
CVSS 3.1
6.1
EPSS
70.4%
CVE-2020-6994 CRITICAL Act Now

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Hirschmann Hios Hirschmann Hisecos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-10599 CRITICAL Act Now

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Vbase Editor Vbase Web Remote
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-10960 MEDIUM POC PATCH This Month

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-7004 HIGH This Week

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Vbase Editor Vbase Web Remote
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-10601 HIGH This Week

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vbase Editor Vbase Web Remote
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-4273 HIGH PATCH This Week

IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7008 HIGH This Week

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vbase Editor Vbase Web Remote
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-7000 HIGH This Week

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vbase Editor Vbase Web Remote
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5283 LOW POC PATCH Monitor

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Viewvc
NVD GitHub
CVSS 3.1
3.5
EPSS
1.2%
CVE-2020-11501 HIGH PATCH This Week

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Ubuntu Linux Debian Linux Leap +1
NVD
CVSS 3.1
7.4
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy