Skip to main content
CVE-2020-25016 CRITICAL POC PATCH Act Now

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rgb Rust
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-24972 HIGH POC PATCH This Week

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Kleopatra Fedora Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2020-25019 HIGH POC PATCH This Week

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Meet Electron
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-25020 CRITICAL PATCH Act Now

MPXJ through 8.1.3 allows XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Mpxj Primavera Unifier
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-24897 HIGH This Week

The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Table Filter And Charts For Confluence Server
NVD
CVSS 3.1
8.9
EPSS
0.9%
CVE-2020-3566 HIGH KEV THREAT This Week

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
8.6
EPSS
3.6%
CVE-2020-24898 MEDIUM This Month

The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian SSRF Table Filter And Charts For Confluence Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-24928 MEDIUM PATCH This Month

managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Premid
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy