Skip to main content
CVE-2020-26596 HIGH POC This Week

The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Privilege Escalation PHP Elementor Pro
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2020-25985 HIGH POC This Week

MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Monocms
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-26876 HIGH POC This Week

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Courses
NVD
CVSS 3.1
7.5
EPSS
9.2%
CVE-2020-24246 HIGH POC This Week

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Balance 20X Firmware Balance 310X Firmware Mbx Firmware +52
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7742 HIGH POC PATCH This Week

This affects the package simpl-schema before 1.10.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simpl Schema
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-15176 HIGH PATCH This Week

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.6
EPSS
1.1%
CVE-2020-7316 HIGH This Week

Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE File And Removable Media Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-26880 HIGH This Week

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sympa Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-13334 HIGH This Week

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy