Skip to main content
CVE-2020-12429 CRITICAL POC Act Now

Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Online Course Registration
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-12284 CRITICAL POC PATCH Act Now

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Ffmpeg Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-12078 HIGH POC PATCH This Week

An issue was discovered in Open-AudIT 3.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Open Audit
NVD GitHub
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-7644 HIGH POC This Week

fun-map through 3.3.1 is vulnerable to Prototype Pollution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Fun Map
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-12243 HIGH POC PATCH This Week

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openldap Debian Linux Leap Ubuntu Linux +14
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-12442 CRITICAL Act Now

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Ivanti SQLi Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-1745 CRITICAL PATCH Act Now

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Undertow
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-12261 MEDIUM POC This Month

Open-AudIT 3.3.0 allows an XSS attack after login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2020-12438 MEDIUM POC PATCH This Month

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-11014 HIGH PATCH This Week

Electron-Cash-SLP before version 3.6.2 has a vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Electron Cash Slp
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-12103 HIGH This Week

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Tiny File Manager
NVD GitHub
CVSS 3.1
7.7
EPSS
1.5%
CVE-2020-12102 HIGH This Week

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Tiny File Manager
NVD GitHub
CVSS 3.1
7.7
EPSS
1.8%
CVE-2020-10663 HIGH PATCH This Week

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Json Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-10641 HIGH This Week

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ignition Gateway
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5567 HIGH This Week

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-12430 MEDIUM PATCH This Month

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Libvirt Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-9482 MEDIUM PATCH This Month

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nifi Registry
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-5568 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5564 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10944 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hashicorp Nomad
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10094 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cs31X Firmware Cs41X Firmware Cs51X Firmware Cx310 Firmware +76
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10093 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cs31X Firmware Cs41X Firmware Cs51X Firmware Cx310 Firmware +76
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5570 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sales Force Assistant
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-7451 MEDIUM PATCH This Month

In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Freebsd
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-5563 MEDIUM This Month

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-1774 MEDIUM This Month

When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-5562 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Garoon
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-4329 MEDIUM This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-12286 MEDIUM This Month

In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-5566 MEDIUM This Month

Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-5565 MEDIUM This Month

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy