Skip to main content
CVE-2020-11820 CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11819 CRITICAL POC THREAT Act Now

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Rukovoditel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
26.8%
CVE-2020-11816 CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11815 CRITICAL POC Act Now

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11811 CRITICAL POC Act Now

In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qdpm
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-11825 HIGH POC This Week

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dolibarr Erp Crm
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-11818 HIGH POC This Week

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rukovoditel
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-7485 CRITICAL Act Now

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tristation 1131
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-7224 CRITICAL Act Now

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Microsoft Authentication Bypass Apple Openvpn
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-7114 CRITICAL Act Now

A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-1964 CRITICAL PATCH Act Now

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Heron
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-11812 CRITICAL Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-11823 MEDIUM POC This Month

In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11814 MEDIUM POC This Month

A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Qdpm
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-3653 CRITICAL Act Now

Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Microsoft Information Disclosure Msm8998 Firmware Qca6390 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-3652 CRITICAL Act Now

Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Microsoft Information Disclosure Msm8998 Firmware Qca6390 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-2180 HIGH PATCH This Week

Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Amazon Web Services Serverless Application Model
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-2179 HIGH PATCH This Week

Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Yaml Axis
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-7486 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tricon Tcm 4351 Firmware Tricon Tcm 4352 Firmware Tricon Tcm 4351A Firmware Tricon Tcm 4351B Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-7484 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tristation 1131
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7483 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tristation 1131
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-11826 HIGH This Week

Users can lock their notes with a password in Memono version 3.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memono
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-3651 HIGH PATCH This Week

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +37
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4347 HIGH This Week

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
7.3
EPSS
1.8%
CVE-2020-7111 HIGH This Week

A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Clearpass
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-2178 HIGH PATCH This Week

Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Parasoft Findings
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-11007 MEDIUM PATCH This Month

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Shopizer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4338 MEDIUM This Month

IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5294 MEDIUM PATCH This Month

PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop Socialfollow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5273 MEDIUM PATCH This Month

In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop Linklist
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5266 MEDIUM PATCH This Month

In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop Link
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-11813 MEDIUM This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7113 MEDIUM This Month

A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clearpass
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-7110 MEDIUM This Month

ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Clearpass
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-2177 MEDIUM PATCH This Month

Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Copr
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-4260 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy