Skip to main content
CVE-2020-15540 CRITICAL POC Act Now

We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opendata Cms
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-15539 CRITICAL POC Act Now

SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Municipality Portal Cms
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-15530 HIGH POC This Week

An issue was discovered in Valve Steam Client 2.10.91.91. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Steam Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15538 MEDIUM POC This Month

XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Municipality Portal Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-15537 MEDIUM POC This Month

An issue was discovered in the Vanguard plugin 2.1 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Vanguard
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15536 MEDIUM POC This Month

An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Online Hotel Booking System
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15535 MEDIUM POC This Month

An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Car Rental System
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15543 CRITICAL Act Now

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U Ftp Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-15542 CRITICAL Act Now

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U Ftp Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-15541 CRITICAL Act Now

SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U Ftp Server
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2020-15529 HIGH This Week

An issue was discovered in GOG Galaxy Client 2.0.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-15528 HIGH This Week

An issue was discovered in GOG Galaxy Client 2.0.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-15466 HIGH This Week

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy