Skip to main content
CVE-2020-12800 CRITICAL POC THREAT Emergency

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Drag And Drop Multiple File Upload Contact Form 7
NVD
CVSS 3.1
9.8
EPSS
78.8%
CVE-2020-8180 CRITICAL POC Act Now

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nextcloud Code Injection Talk
NVD
CVSS 3.1
9.9
EPSS
1.7%
CVE-2020-6109 CRITICAL POC Act Now

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Zoom
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-6110 HIGH POC This Week

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Zoom
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-13885 HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix Workspace App
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13884 HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix Workspace App
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13866 HIGH POC This Week

WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wingate
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-13960 HIGH POC This Week

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dsl 2730U Firmware Dir 600M Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13432 HIGH POC PATCH THREAT This Week

rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Http File Server
NVD GitHub
CVSS 3.1
7.5
EPSS
30.9%
CVE-2020-13625 HIGH POC PATCH This Week

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Phpmailer Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-8172 HIGH POC PATCH This Week

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Node Js Banking Extensibility Workbench Blockchain Platform Graalvm +1
NVD
CVSS 3.1
7.4
EPSS
6.1%
CVE-2020-4041 MEDIUM POC PATCH This Month

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bolt
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-9099 CRITICAL Act Now

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Ips Module Firmware Ngfw Module Firmware Nip6300 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-12049 MEDIUM POC PATCH This Month

An issue was discovered in dbus >= 1.3.0 before 1.12.18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Dbus Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-7676 MEDIUM POC PATCH This Month

angular.js prior to 1.8.0 allows cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Angularjs
NVD GitHub
CVSS 3.1
5.4
EPSS
2.1%
CVE-2020-9042 HIGH This Week

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Couchbase Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-12773 HIGH This Week

A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Adsl Router Soc Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-4040 MEDIUM POC PATCH This Month

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bolt
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-13428 HIGH PATCH This Week

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-5304 HIGH This Week

The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Whitesource
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-12695 HIGH This Week

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Unifi Controller Hostapd Rt N11 Adsl +213
NVD GitHub
CVSS 3.1
7.5
EPSS
15.2%
CVE-2020-9041 HIGH This Week

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server Sync Gateway
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9040 HIGH This Week

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Couchbase Server Java Sdk
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4038 HIGH PATCH This Week

GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Graphql Playground Html Graphql Playground Middleware Express Graphql Playground Middleware Hapi +2
NVD GitHub
CVSS 3.1
7.4
EPSS
7.2%
CVE-2020-4529 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Maximo Asset Management
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2020-12803 MEDIUM This Month

ODF documents can contain forms to be filled out by the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Leap Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-13844 MEDIUM PATCH This Month

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Cortex A32 Firmware Cortex A35 Firmware Cortex A53 Firmware Cortex A57 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8954 MEDIUM This Month

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Openbrowser
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12802 MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Leap
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-13696 MEDIUM PATCH This Month

An issue was discovered in LinuxTV xawtv before 3.107. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xawtv Debian Linux Backports Sle Leap +2
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-10754 MEDIUM PATCH This Month

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Networkmanager Fedora
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-1775 MEDIUM This Month

BCC recipients in mails sent from OTRS are visible in article detail on external interface.0.3 and prior versions, 7.0.17 and prior versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy