Skip to main content
CVE-2020-12351 HIGH POC This Week

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Kernel
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
7.7%
CVE-2020-27985 HIGH POC PATCH This Week

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Security Onion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24227 HIGH POC This Week

Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Playground Sessions
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7777 HIGH POC This Week

This affects all versions of package jsen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jsen
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-25660 HIGH This Week

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ceph Ceph Storage Openshift Container Platform Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-28421 HIGH This Week

CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Unified Infrastructure Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-25696 HIGH PATCH This Week

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE PostgreSQL Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-26228 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Typo3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15246 HIGH PATCH This Week

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-7925 HIGH This Week

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy