Skip to main content
CVE-2020-8163 HIGH POC PATCH THREAT This Week

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Rails Debian Linux
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
83.1%
CVE-2020-8188 HIGH This Week

We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti Command Injection Unifi Protect Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15082 HIGH PATCH This Week

In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Prestashop
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-2211 HIGH This Week

Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Deserialization Jenkins Kubernetes Ci
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-8161 HIGH PATCH This Week

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Path Traversal Rack Debian Linux Ubuntu Linux
NVD
CVSS 3.1
8.6
EPSS
3.6%
CVE-2020-12119 HIGH PATCH This Week

Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ledger Live
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-15503 HIGH PATCH This Week

LibRaw before 0.20-RC1 lacks a thumbnail size range check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libraw Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-5910 HIGH This Week

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nginx Nginx Controller
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-15502 HIGH PATCH This Week

The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Duckduckgo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3402 HIGH This Week

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Authentication Bypass Unified Customer Voice Portal
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-5911 HIGH This Week

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu Nginx Debian Kubernetes Information Disclosure +1
NVD
CVSS 3.1
7.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy