Skip to main content
CVE-2020-25042 HIGH POC THREAT Act Now

An arbitrary file upload issue exists in Mara CMS 7.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Maracms
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
18.2%
CVE-2020-24949 HIGH POC THREAT This Week

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
67.3%
CVE-2020-24999 HIGH POC This Week

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-24996 HIGH POC This Week

There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-25125 HIGH POC PATCH This Week

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gnupg Gpg4win
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-11579 HIGH POC THREAT This Week

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Phpkb
NVD GitHub
CVSS 3.1
7.5
EPSS
26.5%
CVE-2020-25068 HIGH POC This Week

Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Conacwin
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-24948 HIGH POC THREAT This Week

The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Autoptimize
NVD
CVSS 3.1
7.2
EPSS
13.1%
CVE-2020-7729 HIGH POC PATCH This Week

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

RCE Grunt Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-1894 HIGH This Week

A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Whatsapp +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-1886 HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-24162 HIGH This Week

The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tencent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24161 HIGH This Week

Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Netease Mail Master
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24160 HIGH This Week

Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Tim
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24159 HIGH This Week

NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netease Youdao Dictionary
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24158 HIGH This Week

360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Speed Browser
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7381 HIGH This Week

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Nexpose
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-5420 HIGH This Week

Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cf Deployment Gorouter
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2020-1890 HIGH This Week

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-23811 HIGH This Week

xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xxl Job
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4638 HIGH This Week

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Api Connect
NVD
CVSS 3.1
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy