Skip to main content
CVE-2020-13442 CRITICAL POC Act Now

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Dext5
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13485 CRITICAL POC PATCH Act Now

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Knock Knock
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-13482 HIGH POC PATCH This Week

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Em Http Request Fedora
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2020-5537 CRITICAL Act Now

Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Desktop
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13458 HIGH PATCH This Week

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Image Resizer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13486 MEDIUM PATCH This Month

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Knock Knock
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13459 MEDIUM PATCH This Month

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Image Resizer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy