Skip to main content
CVE-2020-29071 CRITICAL POC Act Now

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liquidfiles
NVD
CVSS 3.1
9.0
EPSS
1.6%
CVE-2020-26238 HIGH POC PATCH This Week

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java RCE Cron Utils
NVD GitHub
CVSS 3.1
8.1
EPSS
4.2%
CVE-2020-26243 HIGH POC PATCH This Week

Nanopb is a small code-size Protocol Buffers implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nanopb
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-26212 MEDIUM POC PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Mozilla Authentication Bypass PHP Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-29072 MEDIUM POC This Month

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Liquidfiles
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25650 MEDIUM POC PATCH This Month

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-29069 MEDIUM POC This Month

_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modern Honey Network
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-29074 HIGH PATCH This Week

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure X11Vnc Fedora Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-29070 MEDIUM POC PATCH This Month

osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Oscommerce
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-14190 HIGH PATCH This Week

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Atlassian Denial Of Service Crucible Fisheye
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14191 HIGH PATCH This Week

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Denial Of Service Crucible Fisheye
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-26242 HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26240 HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-26241 HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
CVSS 3.1
7.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy