Skip to main content
CVE-2020-15889 CRITICAL POC PATCH Act Now

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Lua
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-15866 CRITICAL POC Act Now

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mruby Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-15888 HIGH POC PATCH This Week

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Lua
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-15877 HIGH POC PATCH This Week

An issue was discovered in LibreNMS before 1.65.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Librenms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15890 HIGH POC This Week

LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Luajit Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-15873 MEDIUM POC PATCH This Month

In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Librenms
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-14063 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tc Custom Javascript
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-12432 MEDIUM POC This Month

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collabora Online Development Edition
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-15724 HIGH This Week

In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation 360 Total Security
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-15723 HIGH This Week

In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation 360 Total Security
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15722 HIGH This Week

In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation 360 Total Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15879 HIGH This Week

Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-15859 LOW POC PATCH Monitor

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-12499 HIGH This Week

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Plcnext Engineer
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-15102 MEDIUM PATCH This Month

In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dashboard Products
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy