Skip to main content
CVE-2020-10229 HIGH POC This Week

A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vtenext
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-10228 HIGH POC This Week

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Vtenext
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-25379 HIGH POC This Week

Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Recall Products
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15590 HIGH POC This Week

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Linux Authentication Bypass Private Internet Access Vpn Client
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-11881 HIGH POC This Week

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-25574 HIGH POC PATCH This Week

An issue was discovered in the http crate before 0.1.20 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Http
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-25540 HIGH POC THREAT This Week

ThinkAdmin v6 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Thinkadmin
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
75.9%
CVE-2020-0570 HIGH POC PATCH This Week

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2020-13309 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13299 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-8817 HIGH This Week

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Science Studio
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-24457 HIGH This Week

Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Information Disclosure Core I7 8665Ue Firmware +48
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2020-13315 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13306 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12789 HIGH This Week

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atsama5D21C Cu Firmware Atsama5D21C Cur Firmware Atsama5D22C Cn Firmware Atsama5D22C Cnr Firmware +72
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12788 HIGH This Week

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atsama5D21C Cu Firmware Atsama5D21C Cur Firmware Atsama5D22C Cn Firmware Atsama5D22C Cnr Firmware +72
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-12787 HIGH This Week

Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atsama5D21C Cu Firmware Atsama5D21C Cur Firmware Atsama5D22C Cn Firmware Atsama5D22C Cnr Firmware +72
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13318 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-13304 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-13302 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy