Skip to main content
CVE-2020-11857 CRITICAL POC THREAT Emergency

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Operation Bridge Reporter
NVD GitHub
CVSS 3.1
9.8
EPSS
15.8%
CVE-2020-11855 HIGH POC Act Now

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Operation Bridge Reporter
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-14026 HIGH POC This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-14025 HIGH POC This Week

Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14022 HIGH POC This Week

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-7734 HIGH POC This Week

All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cabot
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-25487 HIGH POC This Week

PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoo Management System
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8887 HIGH POC This Week

Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Medius Sentry
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14031 HIGH POC This Week

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-14028 HIGH POC This Week

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-24333 MEDIUM POC This Month

A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudvision Portal
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-14024 MEDIUM POC This Month

Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11856 CRITICAL Act Now

Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Operation Bridge Reporter
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-23446 MEDIUM POC This Month

Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Workforce Optimization
NVD VulDB
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-14027 MEDIUM POC This Month

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-14023 MEDIUM POC This Month

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-4621 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-4620 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2020-4611 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-25514 HIGH This Week

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Simple Library Management System
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.6%
CVE-2020-4617 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Data Risk Manager
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-25515 HIGH This Week

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload PHP Simple Library Management System
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-16202 HIGH This Week

WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Webaccess
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4622 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4614 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4613 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15839 MEDIUM PATCH This Month

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-4619 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-4612 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-3977 MEDIUM PATCH This Month

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass VMware Horizon Daas
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-24619 MEDIUM PATCH This Month

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Shotcut
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-4615 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Data Risk Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4616 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-4618 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Data Risk Manager
NVD
CVSS 3.1
4.9
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy