Skip to main content
CVE-2020-27692 HIGH POC This Week

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Verve Connect Vh510 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-22278 HIGH POC This Week

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Phpmyadmin
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-22275 HIGH POC This Week

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Registration Forms
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-22277 HIGH POC This Week

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Import And Export Users And Customers
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2020-26207 HIGH PATCH This Week

DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Dbschemareader
NVD GitHub
CVSS 3.1
8.0
EPSS
2.0%
CVE-2020-25201 HIGH PATCH This Week

HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service HashiCorp Consul
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-8037 HIGH PATCH This Week

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Tcpdump Debian Linux Fedora Mac Os X +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-8036 HIGH PATCH This Week

The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tcpdump
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7129 HIGH This Week

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Information Disclosure Airwave Glass
NVD
CVSS 3.1
7.2
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy