Skip to main content
CVE-2020-5776 HIGH POC THREAT This Week

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Magmi
NVD
CVSS 3.1
8.8
EPSS
14.7%
CVE-2020-6136 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-24034 HIGH POC This Week

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deserialization F St 5280 Router Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-6135 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-23836 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Warehouse Inventory System
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-23829 HIGH POC This Week

interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Librehealth Ehr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-6134 HIGH POC This Week

SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6133 HIGH POC This Week

SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6132 HIGH POC This Week

SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6128 HIGH POC This Week

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6127 HIGH POC This Week

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6126 HIGH POC This Week

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6125 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6124 HIGH POC This Week

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6131 HIGH POC This Week

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6130 HIGH POC This Week

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6129 HIGH POC This Week

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6123 HIGH POC This Week

An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6122 HIGH POC This Week

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6121 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6120 HIGH POC This Week

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6119 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6118 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6117 HIGH POC This Week

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-24955 HIGH POC This Week

SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Professional X
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-6152 HIGH POC This Week

A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Imagegear
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-8023 HIGH POC This Week

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Openldap2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-23971 HIGH POC This Week

gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gmapfp
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7669 HIGH POC PATCH This Week

This affects all versions of package github.com/u-root/u-root/pkg/tarutil. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal U Root
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-7666 HIGH POC PATCH This Week

This affects all versions of package github.com/u-root/u-root/pkg/cpio. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal U Root
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7665 HIGH POC PATCH This Week

This affects all versions of package github.com/u-root/u-root/pkg/uzip. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal U Root
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-7720 HIGH POC PATCH This Week

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Forge
NVD GitHub
CVSS 3.1
7.3
EPSS
3.2%
CVE-2020-25070 HIGH This Week

USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Usvn
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-16208 HIGH This Week

The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-17405 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Symphony
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2241 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Database
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2240 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Database
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-25067 HIGH This Week

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R8300 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-24559 HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple Apex One Officescan +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24557 HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24556 HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Microsoft Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24554 HIGH PATCH This Week

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Open Redirect Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-24584 HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-24583 HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-14178 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-12776 HIGH This Week

Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail2000
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-24558 HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-2245 HIGH This Week

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Valgrind
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy