Skip to main content
CVE-2020-25291 HIGH POC This Week

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Memory Corruption Wps Office
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-25287 HIGH POC This Week

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pligg
NVD GitHub
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-25289 MEDIUM POC This Month

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secureline Vpn
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25285 MEDIUM PATCH This Month

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly. Rated medium severity (CVSS 6.4).

Race Condition Denial Of Service Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-25286 MEDIUM PATCH This Month

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-25284 MEDIUM PATCH This Month

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map. Rated medium severity (CVSS 4.1). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Linux Authentication Bypass Linux Kernel Debian Linux Leap
NVD
CVSS 3.1
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy