Skip to main content
CVE-2020-3956 HIGH POC THREAT This Week

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE VMware Vcloud Director
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
21.1%
CVE-2020-13241 HIGH POC This Week

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13246 HIGH POC PATCH This Week

An issue was discovered in Gitea through 1.11.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Gitea Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-9484 HIGH POC PATCH THREAT This Week

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server;. Rated high severity (CVSS 7.0). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache RCE Deserialization Tomcat Debian Linux +24
NVD
CVSS 3.1
7.0
EPSS
56.6%
CVE-2020-13249 HIGH PATCH This Week

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Connector C Leap Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-9410 HIGH PATCH This Week

The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jasperreports Library Jasperreports Server Retail Order Broker
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2020-12034 HIGH PATCH This Week

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior,. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Eds Subsystem Rslinx Rslinx Enterprise Rsnetworx +1
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-10725 HIGH PATCH This Week

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Data Plane Development Kit Fedora Leap Enterprise Communications Broker
NVD
CVSS 3.1
7.7
EPSS
2.2%
CVE-2020-5365 HIGH This Week

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5364 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5579 HIGH This Week

SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Paid Memberships Pro
NVD
CVSS 3.1
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy