Skip to main content
CVE-2020-11855 HIGH POC Act Now

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Operation Bridge Reporter
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-14026 HIGH POC This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-14025 HIGH POC This Week

Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14022 HIGH POC This Week

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-7734 HIGH POC This Week

All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cabot
NVD GitHub Exploit-DB
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-25487 HIGH POC This Week

PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoo Management System
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8887 HIGH POC This Week

Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Medius Sentry
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14031 HIGH POC This Week

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-14028 HIGH POC This Week

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-4621 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-4620 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2020-4611 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-25514 HIGH This Week

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Simple Library Management System
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.6%
CVE-2020-4617 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Data Risk Manager
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-25515 HIGH This Week

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload PHP Simple Library Management System
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-16202 HIGH This Week

WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Webaccess
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4622 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4614 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4613 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy