Skip to main content
CVE-2020-14950 HIGH POC This Week

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aapanel
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-14942 CRITICAL PATCH Act Now

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Tendenci
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-14958 MEDIUM PATCH This Month

In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gogs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-14954 MEDIUM PATCH This Month

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Mutt Debian Linux Neomutt Fedora +2
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy