Skip to main content
CVE-2020-25575 CRITICAL POC PATCH Act Now

An issue was discovered in the failure crate through 0.1.5 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Failure
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-25573 CRITICAL POC PATCH Act Now

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Linked Hash Map
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-24660 CRITICAL POC PATCH Act Now

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Nginx Lemonldap Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11684 CRITICAL POC PATCH Act Now

AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure At91Bootstrap
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-10229 HIGH POC This Week

A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vtenext
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-10228 HIGH POC This Week

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Vtenext
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-25379 HIGH POC This Week

Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Recall Products
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15590 HIGH POC This Week

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Linux Authentication Bypass Private Internet Access Vpn Client
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-11881 HIGH POC This Week

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-25574 HIGH POC PATCH This Week

An issue was discovered in the http crate before 0.1.20 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Http
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-25540 HIGH POC THREAT This Week

ThinkAdmin v6 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Thinkadmin
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
75.9%
CVE-2020-0570 HIGH POC PATCH This Week

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2020-11683 MEDIUM POC PATCH This Month

A timing side channel was discovered in AT91bootstrap before 3.9.2. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE At91Bootstrap
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-21733 MEDIUM POC This Month

Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS F St 3686 Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-10227 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vtenext
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-21845 MEDIUM POC This Month

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-25378 MEDIUM POC This Month

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Floating Menu
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-13300 CRITICAL Act Now

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-13312 CRITICAL Act Now

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-25576 CRITICAL PATCH Act Now

An issue was discovered in the rand_core crate before 0.4.2 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rand
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-25380 MEDIUM POC This Month

Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Recall Products
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-25375 MEDIUM POC This Month

Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Smart Crm Invoices
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13309 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13299 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-8817 HIGH This Week

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Science Studio
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-24457 HIGH This Week

Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Information Disclosure Core I7 8665Ue Firmware +48
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2020-13315 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13306 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12789 HIGH This Week

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atsama5D21C Cu Firmware Atsama5D21C Cur Firmware Atsama5D22C Cn Firmware Atsama5D22C Cnr Firmware +72
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12788 HIGH This Week

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atsama5D21C Cu Firmware Atsama5D21C Cur Firmware Atsama5D22C Cn Firmware Atsama5D22C Cnr Firmware +72
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-12787 HIGH This Week

Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atsama5D21C Cu Firmware Atsama5D21C Cur Firmware Atsama5D22C Cn Firmware Atsama5D22C Cnr Firmware +72
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13318 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-13304 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-13302 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-13310 MEDIUM This Month

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-13284 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-21732 MEDIUM This Month

Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rukovoditel
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-21731 MEDIUM This Month

Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Gazie
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-22158 MEDIUM This Month

MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ericsson Rx8200 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13298 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
1.2%
CVE-2020-7807 MEDIUM This Month

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Ipsfullhd Lg Ultrawide Lgpcsuite Setup +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-13297 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-13289 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13314 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-13317 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2020-13301 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-13305 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-13313 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-13311 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-13316 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy