Skip to main content
CVE-2020-13155 HIGH POC This Week

clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-14978 HIGH POC This Week

An issue was discovered in F-Secure SAFE 17.7 on macOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Safe
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2020-14977 HIGH POC This Week

An issue was discovered in F-Secure SAFE 17.7 on macOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Safe
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2020-14975 HIGH POC This Week

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Iobit Unlocker
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14939 HIGH POC This Week

An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Freedroidrpg
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-7668 HIGH POC PATCH This Week

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Compression And Archive Extensions Tz Project
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7664 HIGH POC PATCH This Week

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Compression And Archive Extensions Zip Project
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-14940 HIGH POC This Week

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Tuxguitar
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-14974 HIGH POC PATCH This Week

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Iobit Unlocker
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-12033 HIGH This Week

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Services Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-11068 HIGH PATCH This Week

In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Loramac Node
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-5367 HIGH This Week

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Unisphere For Powermax Emc Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-14971 HIGH PATCH This Week

Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass PHP Pi Hole
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy