Skip to main content
CVE-2020-24715 CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Scalyr Agent
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-24714 CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Scalyr Agent
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-24203 CRITICAL POC Act Now

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-24202 CRITICAL POC Act Now

File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE House Rental And Property Listing Project
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-23979 CRITICAL POC Act Now

13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP 13Enforme Cms
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-23978 CRITICAL POC Act Now

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecommerce Cms
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-23976 CRITICAL POC Act Now

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecommerce Cms
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-23973 CRITICAL POC Act Now

KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Kandnconcepts Club Cms
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-23980 CRITICAL POC Act Now

DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Conference Management
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-24717 HIGH POC PATCH This Week

OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Openzfs
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24716 HIGH POC PATCH This Week

OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Openzfs
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-23972 HIGH POC THREAT This Week

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gmapfp
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
31.4%
CVE-2020-24196 HIGH POC This Week

An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Online Bike Rental
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-23982 MEDIUM POC This Month

DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Conference Management Cms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-23981 MEDIUM POC This Month

13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP 13Enforme Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-23977 MEDIUM POC This Month

KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kandnconcepts Club Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-23975 MEDIUM POC This Month

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ecommerce Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-23576 MEDIUM POC This Month

Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Neon
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23984 MEDIUM POC This Month

Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Hotel Booking System Pro
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-23983 MEDIUM POC This Month

Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ichat
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-23974 MEDIUM POC This Month

Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Create Project Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10518 HIGH This Week

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Github
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-3415 HIGH This Week

A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Cisco RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-24705 HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics Identity Server Identity Server Analytics +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-24703 HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-3517 HIGH This Week

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Null Pointer Dereference Denial Of Service Firepower Extensible Operating System Nx Os
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3398 HIGH This Week

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-3397 HIGH This Week

A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-15605 HIGH PATCH This Week

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2020-15601 HIGH PATCH This Week

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2020-3394 HIGH This Week

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3338 HIGH This Week

A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-4174 HIGH PATCH This Week

IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Insights
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-4169 HIGH PATCH This Week

IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Insights
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-8602 HIGH PATCH This Week

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2020-3454 HIGH This Week

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Code Injection Nx Os
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-4603 HIGH PATCH This Week

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

IBM Privilege Escalation Security Guardium Insights
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-24618 MEDIUM This Month

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-4167 MEDIUM PATCH This Month

IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Security Guardium Insights
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-24706 MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Identity Server Identity Server Analytics +2
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-24704 MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-24390 MEDIUM PATCH This Month

eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Eyesofnetwork
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-4575 MEDIUM PATCH This Month

IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server Websphere Virtual Enterprise
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-4175 MEDIUM PATCH This Month

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Guardium Insights
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-14729 MEDIUM This Month

Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Suitecommerce Advanced
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14728 MEDIUM This Month

Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Suitecommerce Advanced
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5383 MEDIUM This Month

Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell Emc Isilon Emc Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-4172 MEDIUM PATCH This Month

IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Guardium Insights
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-4166 MEDIUM PATCH This Month

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Insights
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-10517 MEDIUM This Month

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Github
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy