Skip to main content
CVE-2020-11673 CRITICAL POC Act Now

An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Responsive Poll
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-6450 HIGH POC This Week

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6448 HIGH POC This Week

Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6447 HIGH POC This Week

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6434 HIGH POC This Week

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6430 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +3
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-11738 HIGH POC KEV THREAT This Week

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Duplicator
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
97.8%
CVE-2020-11732 HIGH POC This Week

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Media Library Assistant
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2020-6444 MEDIUM POC This Month

Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux +2
NVD
CVSS 3.1
6.3
EPSS
1.4%
CVE-2020-11734 MEDIUM POC This Month

cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cybermail
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-6455 HIGH This Week

Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6454 HIGH This Week

Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6452 HIGH This Week

Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6451 HIGH PATCH This Week

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6443 HIGH This Week

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6439 HIGH This Week

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6436 HIGH This Week

Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-6423 HIGH This Week

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-9478 HIGH This Week

An issue was discovered in Rubrik 5.0.3-2296. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Cdm
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-6442 MEDIUM POC This Month

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2020-6438 MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-6437 MEDIUM POC This Month

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-10646 HIGH This Week

Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow V Server
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-10642 HIGH This Week

In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Information Disclosure Rslinx Classic
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1759 MEDIUM PATCH This Month

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Ceph Storage Openshift Openstack +2
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2020-6456 MEDIUM This Month

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-6446 MEDIUM This Month

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6445 MEDIUM This Month

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-8430 MEDIUM This Month

Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Stormshield Network Security
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-11731 MEDIUM This Month

The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Media Library Assistant
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-1730 MEDIUM PATCH This Month

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libssh Cloud Backup Ubuntu Linux +3
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-8148 MEDIUM PATCH This Month

UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Ubiquiti Authentication Bypass Cloud Key Gen2 Cloud Key Gen2 Plus
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-6441 MEDIUM This Month

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-6440 MEDIUM This Month

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-6435 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6433 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6432 MEDIUM This Month

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-6431 MEDIUM This Month

Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-11736 LOW PATCH Monitor

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal File Roller Debian Linux Ubuntu Linux
NVD
CVSS 3.1
3.9
EPSS
0.8%
CVE-2020-3126 LOW Monitor

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 3.1
3.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy