Skip to main content
CVE-2020-25466 CRITICAL POC Act Now

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-25483 CRITICAL POC Act Now

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD
CVSS 3.1
9.8
EPSS
8.6%
CVE-2020-26561 HIGH POC THREAT This Week

Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Linksys Linksys Wrt 160Nl Firmware
NVD
CVSS 3.1
8.8
EPSS
12.2%
CVE-2020-24848 HIGH POC This Week

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Fruitywifi
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9331 HIGH POC This Week

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Csp
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-26887 HIGH POC This Week

FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fritz Box 7490 Firmware
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-27216 HIGH POC PATCH This Week

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Jetty Snap Creator Framework Snapcenter Vasa Provider +14
NVD GitHub
CVSS 3.1
7.0
EPSS
4.3%
CVE-2020-9361 MEDIUM POC This Month

CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Csp
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-15002 MEDIUM POC This Month

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2020-15004 MEDIUM POC This Month

OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
4.8
EPSS
2.8%
CVE-2020-24847 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Fruitywifi
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-15003 MEDIUM POC This Month

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-5990 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation RCE Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5978 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Nvidia Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5977 HIGH PATCH This Week

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Nvidia Information Disclosure Geforce Experience
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3998 MEDIUM PATCH This Month

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft VMware Horizon Client
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-27388 MEDIUM PATCH This Month

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Yourls
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-3997 MEDIUM PATCH This Month

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware Horizon
NVD
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy