Skip to main content
CVE-2020-13296 HIGH This Week

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-25781 MEDIUM POC PATCH This Month

An issue was discovered in file_download.php in MantisBT before 2.24.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Mantisbt
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-15595 MEDIUM POC This Month

An issue was discovered in Zoho Application Control Plus before version 10.0.511. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Application Control Plus
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-13794 MEDIUM POC PATCH This Month

Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-13319 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12505 HIGH This Week

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 750 852 Firmware 750 880 Firmware 750 881 Firmware 750 831 Firmware +3
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2020-13952 HIGH PATCH This Week

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-6654 HIGH This Week

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE 9000X Programming And Configuration Software
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-16234 HIGH This Week

In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Winproladder
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-14376 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-14375 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).

Information Disclosure Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-21527 HIGH This Week

There is an Arbitrary file deletion vulnerability in halo v1.1.3. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
7.7
EPSS
1.1%
CVE-2020-13323 HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
1.1%
CVE-2020-26160 HIGH PATCH This Week

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Jwt Go
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-26150 HIGH This Week

info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Aware Callmanager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26149 HIGH PATCH This Week

NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Nats Deno Nats Js Nats Ws
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8243 HIGH KEV THREAT This Week

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
90.8%
CVE-2020-14030 HIGH PATCH This Week

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-14377 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-13325 HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-25816 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-26137 MEDIUM PATCH This Month

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Urllib3 Ubuntu Linux Debian Linux Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-24570 MEDIUM This Month

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF CSRF Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-25626 MEDIUM PATCH This Month

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django Rest Framework Ceph Storage Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-24721 MEDIUM This Month

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Apple Exposure Notifications
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-13953 MEDIUM PATCH This Month

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Information Disclosure Tapestry
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2020-5132 MEDIUM This Month

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Sma100 Firmware Sonicos
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-24569 MEDIUM This Month

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-15594 MEDIUM This Month

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Application Control Plus
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-13326 MEDIUM This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-15731 LOW Monitor

An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Engines
NVD
CVSS 3.1
3.6
EPSS
0.5%
CVE-2020-14378 LOW PATCH Monitor

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-4629 LOW Monitor

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
3.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy