Skip to main content
CVE-2020-25273 CRITICAL POC Act Now

In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Online Bus Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-26802 HIGH POC This Week

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Formalms
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-4280 HIGH POC PATCH THREAT This Week

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java IBM Deserialization Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.8
EPSS
73.5%
CVE-2020-26894 HIGH POC This Week

LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Wildlife Issues In The New Millennium
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25263 HIGH POC This Week

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pyrocms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-15241 MEDIUM POC PATCH This Month

TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Open Redirect Fluid Engine Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-24301 MEDIUM POC This Month

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testpage Overlay
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-25272 MEDIUM POC This Month

In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Bus Booking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-15243 CRITICAL Act Now

Affected versions of Smartstore have a missing WebApi Authentication attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartstore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-1914 CRITICAL PATCH Act Now

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-26567 MEDIUM POC THREAT This Month

An issue was discovered on D-Link DSR-250N before 3.17B devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 250N Firmware
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
17.2%
CVE-2020-25271 MEDIUM POC This Month

PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hospital Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25270 MEDIUM POC This Month

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hostel Management System
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2020-2286 HIGH PATCH This Week

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Role Based Authorization Strategy
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-3544 HIGH This Week

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service RCE 8000P Ip Camera Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-13340 HIGH This Week

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
8.7
EPSS
68.6%
CVE-2020-3535 HIGH This Week

A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Webex Teams
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2020-25262 MEDIUM POC This Month

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pyrocms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-9048 HIGH PATCH This Week

A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Victor Web Client C Cure Web Client
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-4799 HIGH PATCH This Week

IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow IBM Memory Corruption Informix Dynamic Server
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3467 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2020-10816 HIGH This Week

Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Applications Manager
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2020-3596 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Expressway Telepresence Video Communication Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-3602 MEDIUM This Month

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Staros
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3601 MEDIUM This Month

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Staros
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-5389 MEDIUM This Month

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Dell Information Disclosure Emc Openmanage Integration For Microsoft System Center
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-13339 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2298 MEDIUM This Month

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Nerrvana
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-2295 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Maven Cascade Release
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-2294 MEDIUM This Month

Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Maven Cascade Release
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2293 MEDIUM This Month

Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Persona
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-3598 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Vision Dynamic Signage Director
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-3567 MEDIUM This Month

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Industrial Network Director Network Level Service
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-3543 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 8000P Ip Camera Firmware 8020 Ip Camera Firmware 8030 Ip Camera Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-15242 MEDIUM PATCH This Month

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Next Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15646 MEDIUM This Month

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Microsoft Information Disclosure Thunderbird
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-3568 MEDIUM This Month

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.1
5.8
EPSS
1.0%
CVE-2020-2292 MEDIUM PATCH This Month

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Release
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2290 MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-2289 MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-3597 MEDIUM This Month

A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Nexus Data Broker
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-3536 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sd Wan
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3320 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center Sourcefire Defense Center
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2288 MEDIUM PATCH This Month

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Audit Trail
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-2287 MEDIUM PATCH This Month

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Audit Trail
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-3589 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-12401 MEDIUM This Month

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-12400 MEDIUM This Month

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-13344 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Redis Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-2296 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Shared Objects
NVD
CVSS 3.1
4.3
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy