Skip to main content
CVE-2018-5354 HIGH POC This Week

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Password Reset Client
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-12715 HIGH POC This Week

RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pacsone Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26163 HIGH POC PATCH This Week

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Greenlight
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-25760 HIGH POC This Week

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Visitor Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-21564 HIGH POC This Week

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pluck
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-13321 HIGH POC This Week

A vulnerability was discovered in GitLab versions prior to 13.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.3
EPSS
1.4%
CVE-2020-13658 HIGH POC This Week

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lansweeper
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2020-15488 HIGH POC This Week

Re:Desk 2.3 allows insecure file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Re
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-26148 HIGH POC This Week

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Md4C
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-21525 HIGH POC This Week

Halo V1.1.3 is affected by: Arbitrary File reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-13951 HIGH POC PATCH THREAT This Week

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Denial Of Service Openmeetings
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
70.4%
CVE-2020-15849 HIGH POC This Week

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload SQLi PHP Re
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-13322 HIGH POC This Week

A vulnerability was discovered in GitLab versions after 12.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-14374 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-13296 HIGH This Week

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-12505 HIGH This Week

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 750 852 Firmware 750 880 Firmware 750 881 Firmware 750 831 Firmware +3
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2020-13952 HIGH PATCH This Week

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-6654 HIGH This Week

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE 9000X Programming And Configuration Software
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-16234 HIGH This Week

In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Winproladder
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-14376 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-14375 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).

Information Disclosure Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-21527 HIGH This Week

There is an Arbitrary file deletion vulnerability in halo v1.1.3. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
7.7
EPSS
1.1%
CVE-2020-13323 HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
1.1%
CVE-2020-26160 HIGH PATCH This Week

{} for m["aud"] (which is allowed by the specification). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Jwt Go
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-26150 HIGH This Week

info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Aware Callmanager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26149 HIGH PATCH This Week

NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Nats Deno Nats Js Nats Ws
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8243 HIGH KEV THREAT This Week

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
90.8%
CVE-2020-14030 HIGH PATCH This Week

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-14377 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-13325 HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy