Skip to main content
CVE-2020-15165 CRITICAL POC Act Now

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chameleon Mini Live Debugger
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-15164 CRITICAL PATCH Act Now

in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Scratch Login
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2020-5624 CRITICAL Act Now

SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Xoonips
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-16610 MEDIUM POC PATCH This Month

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Hoosk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-15159 HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE PHP Basercms
NVD GitHub
CVSS 3.1
7.6
EPSS
2.2%
CVE-2020-9298 HIGH PATCH This Week

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Information Disclosure Orca
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-4559 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Spectrum Protect
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-15155 HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
CVSS 3.1
7.3
EPSS
1.3%
CVE-2020-15154 HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-5625 MEDIUM This Month

Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xoonips
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-5623 MEDIUM This Month

NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect Apple Nitori
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5621 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear CSRF Gs716Tv2 Firmware Gs724Tv3 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-4591 LOW PATCH Monitor

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy