Skip to main content
CVE-2020-24186 CRITICAL POC THREAT Emergency

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Wpdiscuz
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
94.5%
CVE-2020-7376 CRITICAL POC Act Now

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metasploit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-6637 CRITICAL POC PATCH THREAT Act Now

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
20.1%
CVE-2020-24572 HIGH POC PATCH This Week

An issue was discovered in includes/webconsole.php in RaspAP 2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
6.8%
CVE-2020-24364 HIGH POC This Week

MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Minetime
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-14043 HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP Codiad
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-19889 HIGH POC This Week

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Dbhcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-19886 HIGH POC This Week

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Dbhcms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-7377 HIGH POC This Week

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metasploit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-19878 HIGH POC This Week

DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Dbhcms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14044 HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF PHP Codiad
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-19891 HIGH POC This Week

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption PHP Dbhcms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-24613 MEDIUM POC This Month

wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Wolfssl
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2020-19880 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-19879 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-19888 MEDIUM POC This Month

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Dbhcms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-19877 MEDIUM POC This Month

DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dbhcms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-19890 MEDIUM POC This Month

DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Dbhcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-7831 HIGH This Week

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ebiz4U
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-19887 MEDIUM POC This Month

DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-19885 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-19884 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-19883 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-19882 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-19881 MEDIUM POC This Month

DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-7705 HIGH This Week

This affects the package MintegralAdSDK from 0.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mintegraladsdk
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-4587 HIGH This Week

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption Connect Sterling Connect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24606 HIGH PATCH This Week

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-13101 HIGH This Week

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Oasis Digital Signature Services
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-14350 HIGH This Week

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Debian Linux Leap Ubuntu Linux
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-14349 HIGH This Week

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SQLi PostgreSQL Leap
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2020-4383 MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM Elastic Storage Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4598 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Security Guardium Insights
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14367 MEDIUM PATCH This Month

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Chrony Fedora Ubuntu Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-4382 MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM Elastic Storage Server
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4165 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Security Guardium Insights
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10775 MEDIUM This Month

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Virtualization Ovirt Engine
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-24612 MEDIUM PATCH This Month

An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Rated medium severity (CVSS 4.7). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Selinux Policy
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-4593 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Insights
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-4170 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Security Guardium Insights
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy