Skip to main content
CVE-2020-24193 CRITICAL POC Act Now

A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Daily Tracker System
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-25042 HIGH POC THREAT Act Now

An arbitrary file upload issue exists in Mara CMS 7.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Maracms
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
18.2%
CVE-2020-25006 CRITICAL POC Act Now

Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PHP Heybbs
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-25005 CRITICAL POC Act Now

Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PHP Heybbs
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-25004 CRITICAL POC Act Now

Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PHP Heybbs
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-24949 HIGH POC THREAT This Week

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
67.3%
CVE-2020-24999 HIGH POC This Week

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-24996 HIGH POC This Week

There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-25125 HIGH POC PATCH This Week

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gnupg Gpg4win
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-11579 HIGH POC THREAT This Week

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Phpkb
NVD GitHub
CVSS 3.1
7.5
EPSS
26.5%
CVE-2020-25068 HIGH POC This Week

Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Conacwin
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-24948 HIGH POC THREAT This Week

The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Autoptimize
NVD
CVSS 3.1
7.2
EPSS
13.1%
CVE-2020-7729 HIGH POC PATCH This Week

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

RCE Grunt Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-25102 MEDIUM POC This Month

silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Advanced Reports
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-23814 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Xxl Job
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-13972 MEDIUM POC This Month

Enghouse Web Chat 6.2.284.34 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Chat
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-1889 CRITICAL Act Now

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Whatsapp Desktop
NVD
CVSS 3.1
10.0
EPSS
4.8%
CVE-2020-1891 CRITICAL Act Now

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-24876 CRITICAL Act Now

Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Pancake
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-25105 CRITICAL Act Now

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eramba
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-14373 MEDIUM POC PATCH This Month

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Ghostscript Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-24863 MEDIUM POC PATCH This Month

A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Midnightbsd Freebsd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-25104 MEDIUM POC This Month

eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-1894 HIGH This Week

A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Whatsapp +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-1886 HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-25124 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25123 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25122 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25121 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-25120 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25119 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-25118 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25117 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25116 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25115 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-24162 HIGH This Week

The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tencent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24161 HIGH This Week

Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Netease Mail Master
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24160 HIGH This Week

Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Tim
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24159 HIGH This Week

NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netease Youdao Dictionary
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24158 HIGH This Week

360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Speed Browser
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7381 HIGH This Week

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Nexpose
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-5420 HIGH This Week

Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cf Deployment Gorouter
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2020-1890 HIGH This Week

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-23811 HIGH This Week

xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xxl Job
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4638 HIGH This Week

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Api Connect
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-9199 MEDIUM This Month

B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection B2368 22 Firmware B2368 57 Firmware B2368 66 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-7382 MEDIUM This Month

Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nexpose
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-4337 MEDIUM This Month

IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-12058 MEDIUM PATCH This Month

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ce Phoenix
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25093 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy