Skip to main content
CVE-2020-13404 HIGH POC This Week

The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe Command Injection Atos Sips
NVD GitHub
CVSS 3.1
8.8
EPSS
6.5%
CVE-2020-17366 HIGH POC This Week

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Routinator
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2020-7298 HIGH This Week

Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Total Protection
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2020-4481 HIGH This Week

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Urbancode Deploy
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2020-16253 HIGH PATCH This Week

The PgHero gem through 2.6.0 for Ruby allows CSRF. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pghero
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-15127 HIGH PATCH This Week

In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Contour
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15113 HIGH PATCH This Week

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy