Skip to main content
CVE-2020-6145 HIGH POC This Week

An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Erpnext
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-8224 HIGH POC This Week

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Nextcloud Code Injection OpenSSL Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-6070 HIGH POC This Week

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE F2Fs Tools Fedora
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-16277 HIGH This Week

An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Saint Security Suite
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-16276 HIGH This Week

An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Saint Security Suite
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15659 HIGH PATCH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +4
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-15656 HIGH This Week

JIT optimizations involving the Javascript arguments object could confuse later optimizations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Information Disclosure Firefox Firefox Esr +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-13295 HIGH This Week

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Runner
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-12781 HIGH This Week

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-9525 HIGH This Week

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure P2P
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-9078 HIGH This Week

FusionCompute 8.0.0 have local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fusioncompute
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-15657 HIGH This Week

Firefox could be made to load attacker-supplied DLL files from the installation directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-17478 HIGH PATCH This Week

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure P5 Crypt Perl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-9528 HIGH This Week

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shenzhen Hichip Vision Technology Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12780 HIGH This Week

A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12777 HIGH This Week

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-15647 HIGH This Week

A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
7.4
EPSS
1.1%
CVE-2020-13293 HIGH This Week

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy