Skip to main content
CVE-2018-5353 CRITICAL POC Act Now

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
8.1%
CVE-2020-12870 CRITICAL POC Act Now

RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pacsone Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-26042 CRITICAL POC Act Now

An issue was discovered in Hoosk CMS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hoosk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-26041 CRITICAL POC Act Now

An issue was discovered in Hoosk CmS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Hoosk
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-25763 CRITICAL POC Act Now

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Seat Reservation System
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-21526 CRITICAL POC Act Now

An Arbitrary file writing vulnerability in halo v1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-21523 CRITICAL POC Act Now

A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-21522 CRITICAL POC Act Now

An issue was discovered in halo V1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-20800 CRITICAL POC Act Now

An issue was discovered in MetInfo v7.0.0 beta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-19672 CRITICAL POC Act Now

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Niushop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-15487 CRITICAL POC Act Now

Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Re
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-5354 HIGH POC This Week

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Password Reset Client
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-25762 CRITICAL POC THREAT Act Now

An issue was discovered in SourceCodester Seat Reservation System 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seat Reservation System
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
11.3%
CVE-2020-21524 CRITICAL POC Act Now

There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XXE Halo
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-12715 HIGH POC This Week

RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pacsone Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26163 HIGH POC PATCH This Week

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Greenlight
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-25760 HIGH POC This Week

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Visitor Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-21564 HIGH POC This Week

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pluck
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-13321 HIGH POC This Week

A vulnerability was discovered in GitLab versions prior to 13.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.3
EPSS
1.4%
CVE-2020-13658 HIGH POC This Week

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lansweeper
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2020-15488 HIGH POC This Week

Re:Desk 2.3 allows insecure file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Re
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-26148 HIGH POC This Week

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Md4C
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-21525 HIGH POC This Week

Halo V1.1.3 is affected by: Arbitrary File reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-13951 HIGH POC PATCH THREAT This Week

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Denial Of Service Openmeetings
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
70.4%
CVE-2020-15849 HIGH POC This Week

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload SQLi PHP Re
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-13322 HIGH POC This Week

A vulnerability was discovered in GitLab versions after 12.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-13329 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-13324 MEDIUM POC This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-13320 MEDIUM POC This Month

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-8238 MEDIUM POC This Month

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Secure Policy Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-26043 MEDIUM POC This Month

An issue was discovered in Hoosk CMS v1.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hoosk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25761 MEDIUM POC This Month

Projectworlds Visitor Management System in PHP 1.0 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Visitor Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-22481 MEDIUM POC This Month

An issue was discovered in HFish 0.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hfish
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-26154 CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-26158 CRITICAL Act Now

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Leanote
NVD GitHub
CVSS 3.1
9.6
EPSS
1.9%
CVE-2020-26157 CRITICAL Act Now

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Leanote
NVD GitHub
CVSS 3.1
9.6
EPSS
1.9%
CVE-2020-12869 MEDIUM POC This Month

RainbowFish PacsOne Server 6.8.4 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pacsone Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-22842 MEDIUM POC This Month

CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13331 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13330 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-19676 MEDIUM POC PATCH This Month

Nacos 1.1.4 is affected by: Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nacos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-12506 CRITICAL Act Now

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 750 362 Firmware 750 363 Firmware 750 823 Firmware 750 832 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-8256 MEDIUM POC This Month

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2020-21244 MEDIUM POC This Month

An issue was discovered in FrontAccounting 2.4.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Frontaccounting
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-19670 MEDIUM POC This Month

In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Niushop
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-25830 MEDIUM POC PATCH This Month

An issue was discovered in MantisBT before 2.24.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-25288 MEDIUM POC PATCH This Month

An issue was discovered in MantisBT before 2.24.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mantisbt
NVD GitHub
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-13336 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-14374 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-13328 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy