Skip to main content
CVE-2020-13151 CRITICAL POC THREAT Emergency

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Aerospike Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.7%
CVE-2020-13404 HIGH POC This Week

The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe Command Injection Atos Sips
NVD GitHub
CVSS 3.1
8.8
EPSS
6.5%
CVE-2020-17366 HIGH POC This Week

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Routinator
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2020-9036 MEDIUM POC This Month

Jeedom through 4.0.38 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeedom
NVD
CVSS 3.1
6.1
EPSS
3.6%
CVE-2020-16254 MEDIUM POC PATCH This Month

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Chartkick
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5609 CRITICAL Act Now

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Centum Cs 3000 Firmware Centum Vp Firmware B M9000Cs Firmware B M9000Vp Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-5608 CRITICAL Act Now

CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Centum Cs 3000 Firmware Centum Vp Firmware B M9000Cs Firmware B M9000Vp Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-17353 CRITICAL Act Now

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lilypond Fedora Debian Linux Backports Sle +1
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-13921 CRITICAL PATCH Act Now

**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Skywalking
NVD GitHub
CVSS 3.1
9.8
EPSS
33.5%
CVE-2020-15132 MEDIUM POC PATCH This Month

In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sulu
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-7298 HIGH This Week

Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Total Protection
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2020-4481 HIGH This Week

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Urbancode Deploy
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2020-16253 HIGH PATCH This Week

The PgHero gem through 2.6.0 for Ruby allows CSRF. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pghero
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-15127 HIGH PATCH This Week

In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Contour
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15113 HIGH PATCH This Week

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-8607 MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit Apex One Deep Security +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-14344 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Red Hat Integer Overflow Libx11 Fedora +2
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-15112 MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15106 MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-16192 MEDIUM PATCH This Month

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-17364 MEDIUM PATCH This Month

USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS User Friendly Svn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-13819 MEDIUM This Month

Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extreme Management Center
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14347 MEDIUM PATCH This Month

A flaw was found in the way xserver memory was not properly initialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure X Server Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-16252 MEDIUM PATCH This Month

The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Field Test
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-4243 LOW PATCH Monitor

IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Session Fixation Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
3.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy