Skip to main content
CVE-2020-29288 CRITICAL POC Act Now

An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-29287 CRITICAL POC Act Now

An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Rental Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-29285 CRITICAL POC Act Now

SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales In Php Pdo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-29284 CRITICAL POC Act Now

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Multi Restaurant Table Reservation System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.1%
CVE-2020-29283 CRITICAL POC Act Now

An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Doctor Appointment Booking System Php And Mysql
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-29282 CRITICAL POC Act Now

SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bloodx
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-29280 CRITICAL POC Act Now

The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Victor Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-29279 CRITICAL POC THREAT Act Now

PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP 74Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
52.9%
CVE-2020-28273 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service Set In
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-28272 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service Keyget
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-6018 CRITICAL POC PATCH Act Now

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Game Networking Sockets
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-29458 HIGH POC This Week

Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Textpattern
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-14305 HIGH POC PATCH This Week

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
8.1
EPSS
5.1%
CVE-2020-13493 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-28206 MEDIUM POC This Month

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitrix Framework
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-13496 MEDIUM POC This Month

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-29239 MEDIUM POC This Month

Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Voting System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-29389 CRITICAL Act Now

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Crux Linux Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7199 CRITICAL Act Now

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Edgeline Infrastructure Manager
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2020-14260 CRITICAL Act Now

HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Domino
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-13498 MEDIUM POC This Month

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openusd
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-13497 MEDIUM POC This Month

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-13494 MEDIUM POC This Month

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Information Disclosure Openusd
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-29240 MEDIUM POC This Month

Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Leptoncms
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-25656 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.1). Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2020-12524 HIGH This Week

Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Btp 2043W Firmware Btp 2070W Firmware Btp 2102W Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5423 HIGH This Week

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capi Release Cf Deployment
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-27813 HIGH PATCH This Week

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Websocket Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-25638 HIGH PATCH This Week

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Hibernate Orm Debian Linux Quarkus Communications Cloud Native Core Console +1
NVD
CVSS 3.1
7.4
EPSS
2.9%
CVE-2020-26244 MEDIUM PATCH This Month

Python oic is a Python OpenID Connect implementation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Openid Connect
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-4102 MEDIUM This Month

HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Notes
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-25265 MEDIUM This Month

AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libappimage
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-14383 MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-14369 MEDIUM This Month

This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Cloudforms
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-29456 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papermerge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-27816 MEDIUM This Month

The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Kibana Openshift Container Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25266 MEDIUM This Month

AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appimaged
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-25704 MEDIUM PATCH This Month

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Command Center +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13956 MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient Quarkus Data Integrator +14
NVD
CVSS 3.1
5.3
EPSS
8.7%
CVE-2020-29454 MEDIUM PATCH This Month

Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Umbraco Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-25723 LOW PATCH Monitor

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
3.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy