Skip to main content
CVE-2020-7373 CRITICAL POC PATCH THREAT Act Now

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Vbulletin
NVD GitHub
CVSS 3.1
9.8
EPSS
46.0%
CVE-2020-7760 HIGH POC PATCH This Week

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Denial Of Service Codemirror Application Express Enterprise Manager Express User Interface +3
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-15276 HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
CVSS 3.1
8.7
EPSS
1.0%
CVE-2020-15273 HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-5991 HIGH This Week

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-4588 HIGH PATCH This Week

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM I2 Ibase
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-4584 HIGH PATCH This Week

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure I2 Ibase
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15277 HIGH PATCH This Week

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Basercms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-7759 HIGH PATCH This Week

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi Pimcore
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2020-27014 MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel. Rated medium severity (CVSS 6.4). No vendor patch available.

Trend Micro Denial Of Service Antivirus
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-27015 MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
4.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy