Skip to main content
CVE-2020-24572 HIGH POC PATCH This Week

An issue was discovered in includes/webconsole.php in RaspAP 2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
6.8%
CVE-2020-24364 HIGH POC This Week

MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Minetime
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-14043 HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP Codiad
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-19889 HIGH POC This Week

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Dbhcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-19886 HIGH POC This Week

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Dbhcms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-7377 HIGH POC This Week

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metasploit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-19878 HIGH POC This Week

DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Dbhcms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14044 HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF PHP Codiad
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-19891 HIGH POC This Week

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption PHP Dbhcms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-7831 HIGH This Week

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ebiz4U
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-7705 HIGH This Week

This affects the package MintegralAdSDK from 0.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mintegraladsdk
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-4587 HIGH This Week

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Memory Corruption Connect Sterling Connect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24606 HIGH PATCH This Week

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-13101 HIGH This Week

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Oasis Digital Signature Services
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-14350 HIGH This Week

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Debian Linux Leap Ubuntu Linux
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-14349 HIGH This Week

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SQLi PostgreSQL Leap
NVD
CVSS 3.1
7.1
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy