Skip to main content
CVE-2020-12835 CRITICAL POC THREAT Act Now

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Readyapi
NVD
CVSS 3.1
9.8
EPSS
11.7%
CVE-2020-3956 HIGH POC THREAT This Week

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE VMware Vcloud Director
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
21.1%
CVE-2020-13241 HIGH POC This Week

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13246 HIGH POC PATCH This Week

An issue was discovered in Gitea through 1.11.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Gitea Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-9484 HIGH POC PATCH THREAT This Week

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server;. Rated high severity (CVSS 7.0). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache RCE Deserialization Tomcat Debian Linux +24
NVD
CVSS 3.1
7.0
EPSS
56.6%
CVE-2020-13231 MEDIUM POC This Month

In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cacti Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-1955 CRITICAL Act Now

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchdb
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11716 CRITICAL Act Now

Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Eluga Ray 530 Firmware Eluga Ray 600 Firmware P110 Firmware Eluga Z1 Pro Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-9409 CRITICAL PATCH Act Now

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Jasperreports Server Retail Order Broker
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-13226 CRITICAL Act Now

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Api Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-13152 MEDIUM POC This Month

A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Amarok
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.4%
CVE-2020-13240 MEDIUM POC This Month

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13239 MEDIUM POC This Month

The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-9753 CRITICAL Act Now

Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Whale Browser Installer
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-13249 HIGH PATCH This Week

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Connector C Leap Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-9410 HIGH PATCH This Week

The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jasperreports Library Jasperreports Server Retail Order Broker
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2020-13225 MEDIUM POC This Month

phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpipam
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-13230 MEDIUM POC This Month

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cacti Debian Linux Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-12034 HIGH PATCH This Week

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior,. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Eds Subsystem Rslinx Rslinx Enterprise Rsnetworx +1
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-10725 HIGH PATCH This Week

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Data Plane Development Kit Fedora Leap Enterprise Communications Broker
NVD
CVSS 3.1
7.7
EPSS
2.2%
CVE-2020-5365 HIGH This Week

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5364 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5579 HIGH This Week

SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Paid Memberships Pro
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-11078 MEDIUM PATCH This Month

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Httplib2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
2.6%
CVE-2020-4461 MEDIUM This Month

IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-5753 MEDIUM This Month

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Private Messenger Signal
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-10726 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 19.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Data Plane Development Kit Fedora Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy