Skip to main content
CVE-2020-26548 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.4.1290. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-28136 HIGH POC This Week

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Tourism Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-28688 HIGH POC THREAT This Week

The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.9%
CVE-2020-28687 HIGH POC THREAT This Week

The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.9%
CVE-2020-27192 HIGH POC This Week

BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Forklift
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15349 HIGH POC This Week

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Forklift
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-26552 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R6.0.2483. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-26551 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.3.1151. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-26550 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.3.1151. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26549 HIGH POC This Week

An issue was discovered in Aviatrix Controller before R5.4.1290. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Controller
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-27554 HIGH POC This Week

Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-27553 HIGH POC This Week

In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7841 HIGH This Week

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xplatform
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-14389 HIGH PATCH This Week

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-13958 HIGH This Week

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-25400 HIGH This Week

Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Taskcafe
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-25705 HIGH This Week

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Linux Authentication Bypass Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.4
EPSS
6.7%
CVE-2020-21665 HIGH PATCH This Week

In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fastadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-28914 HIGH This Week

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Kata Containers
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-26405 HIGH This Week

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
7.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy