Skip to main content
CVE-2020-28183 CRITICAL POC Act Now

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Water Billing System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-28130 CRITICAL POC Act Now

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Library Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-26553 CRITICAL POC Act Now

An issue was discovered in Aviatrix Controller before R6.0.2483. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Controller
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-28133 CRITICAL POC Act Now

An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Simple Grocery Store Sales And Inventory System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-28140 CRITICAL POC Act Now

SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Clothing Store
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-28138 CRITICAL POC Act Now

SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Clothing Store
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-27555 CRITICAL POC Act Now

Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7774 CRITICAL POC PATCH THREAT Act Now

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Y18N Graalvm Sinec Infrastructure Network Services
NVD GitHub
CVSS 3.1
9.8
EPSS
69.1%
CVE-2020-26548 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.4.1290. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-28136 HIGH POC This Week

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Tourism Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-28688 HIGH POC THREAT This Week

The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.9%
CVE-2020-28687 HIGH POC THREAT This Week

The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.9%
CVE-2020-27192 HIGH POC This Week

BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Forklift
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15349 HIGH POC This Week

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Forklift
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-26552 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R6.0.2483. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-26551 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.3.1151. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-26550 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.3.1151. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26549 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.4.1290. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-27554 HIGH POC This Week

Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-27553 HIGH POC This Week

In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-25988 MEDIUM POC This Month

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2-1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Platinum 4410 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
3.0%
CVE-2020-27558 MEDIUM POC This Month

Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-28092 MEDIUM POC This Month

PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pescms Team
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-28129 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gym Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-26216 MEDIUM POC PATCH This Month

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fluid
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25890 MEDIUM POC This Month

The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ecosys M2640Idw Firmware
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-28139 MEDIUM POC This Month

SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Clothing Store
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27131 CRITICAL Act Now

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Microsoft Deserialization Security Manager
NVD
CVSS 3.1
9.8
EPSS
87.7%
CVE-2020-27125 CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Security Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-11851 CRITICAL Act Now

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Arcsight Logger
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-27557 MEDIUM POC This Month

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-26701 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kaa
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-25798 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Limesurvey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-28647 MEDIUM POC This Month

In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Moveit Transfer
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-27556 MEDIUM POC This Month

A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-27130 CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Security Manager
NVD
CVSS 3.1
9.1
EPSS
65.9%
CVE-2020-7841 HIGH This Week

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xplatform
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-14389 HIGH PATCH This Week

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-13958 HIGH This Week

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-25400 HIGH This Week

Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Taskcafe
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-25705 HIGH This Week

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Linux Authentication Bypass Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.4
EPSS
6.7%
CVE-2020-21665 HIGH PATCH This Week

In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fastadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-28914 HIGH This Week

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Kata Containers
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-26405 HIGH This Week

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-13351 MEDIUM This Month

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-11860 MEDIUM This Month

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-13348 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2020-13358 MEDIUM This Month

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Gitlab Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-25832 MEDIUM This Month

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Filr
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-25834 MEDIUM This Month

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.1
5.4
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy