Skip to main content
CVE-2020-29458 HIGH POC This Week

Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Textpattern
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-14305 HIGH POC PATCH This Week

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
8.1
EPSS
5.1%
CVE-2020-13493 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-12524 HIGH This Week

Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Btp 2043W Firmware Btp 2070W Firmware Btp 2102W Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5423 HIGH This Week

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Capi Release Cf Deployment
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-27813 HIGH PATCH This Week

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Websocket Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-25638 HIGH PATCH This Week

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Hibernate Orm Debian Linux Quarkus Communications Cloud Native Core Console +1
NVD
CVSS 3.1
7.4
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy