Skip to main content
CVE-2020-17479 CRITICAL POC PATCH Act Now

jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Json Pattern Validator
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-6145 HIGH POC This Week

An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-8224 HIGH POC This Week

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Nextcloud Code Injection OpenSSL Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-6070 HIGH POC This Week

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE F2Fs Tools Fedora
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-17480 MEDIUM POC PATCH This Month

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-9529 CRITICAL Act Now

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Shenzhen Hichip Vision Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-9527 CRITICAL Act Now

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Shenzhen Hichip Vision Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13292 CRITICAL Act Now

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-8229 MEDIUM POC This Month

A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Denial Of Service Desktop
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-16277 HIGH This Week

An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Saint Security Suite
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-16276 HIGH This Week

An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Saint Security Suite
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15659 HIGH PATCH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +4
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-15656 HIGH This Week

JIT optimizations involving the Javascript arguments object could confuse later optimizations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Information Disclosure Firefox Firefox Esr +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-13295 HIGH This Week

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Runner
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-12781 HIGH This Week

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-9525 HIGH This Week

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure P2P
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-9078 HIGH This Week

FusionCompute 8.0.0 have local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fusioncompute
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-15657 HIGH This Week

Firefox could be made to load attacker-supplied DLL files from the installation directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-17478 HIGH PATCH This Week

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure P5 Crypt Perl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-9528 HIGH This Week

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shenzhen Hichip Vision Technology Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12780 HIGH This Week

A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12777 HIGH This Week

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-15647 HIGH This Week

A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
7.4
EPSS
1.1%
CVE-2020-13293 HIGH This Week

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-15662 MEDIUM This Month

A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-15661 MEDIUM This Month

A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-15658 MEDIUM This Month

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15655 MEDIUM This Month

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-15654 MEDIUM This Month

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15653 MEDIUM This Month

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15652 MEDIUM This Month

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15648 MEDIUM This Month

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-16278 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saint Security Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-16275 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saint Security Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15139 MEDIUM PATCH This Month

In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-17476 MEDIUM PATCH This Month

Mibew Messenger before 3.2.7 allows XSS via a crafted user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Messenger
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4541 MEDIUM PATCH This Month

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4539 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4533 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12778 MEDIUM This Month

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-9526 MEDIUM This Month

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure P2P
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-9245 MEDIUM This Month

HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P30 Firmware P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9243 MEDIUM This Month

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15650 MEDIUM This Month

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox Esr
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-15649 MEDIUM This Month

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google File Upload Mozilla Firefox Esr
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-13294 MEDIUM This Month

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-12779 MEDIUM This Month

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15651 MEDIUM This Month

A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Apple Firefox
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy