Skip to main content
CVE-2020-13525 HIGH POC This Week

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Processmaker
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-13584 HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Webkitgtk Fedora
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-13543 HIGH POC This Week

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Apple Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-13531 HIGH POC This Week

A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Memory Corruption RCE Openusd
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-26248 HIGH POC PATCH THREAT This Week

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Productcomments
NVD GitHub
CVSS 3.1
8.2
EPSS
12.4%
CVE-2020-25693 HIGH POC This Week

A flaw was found in CImg in versions prior to 2.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Cimg Fedora
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-29534 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.9.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-23740 HIGH POC This Week

In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Drivergenius
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-28175 HIGH POC This Week

There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Speedfan
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13542 HIGH POC This Week

A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Logicaldoc
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-29529 HIGH POC PATCH This Week

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Hashicorp Path Traversal Go Slug
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-27778 HIGH POC This Week

A flaw was found in Poppler in the way certain PDF files were converted into HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Poppler Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-28937 HIGH POC This Week

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openclinic
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28939 HIGH POC This Week

OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Openclinic
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-14339 HIGH PATCH This Week

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Libvirt Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-28251 HIGH This Week

NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Airmagnet Enterprise
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-2321 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Shelve Project
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-23735 HIGH This Week

In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Cyber Game Accelerator
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-14381 HIGH PATCH This Week

A flaw was found in the Linux kernel’s futex implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-14351 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6021 HIGH This Week

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-17527 HIGH PATCH This Week

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Tomcat Information Disclosure Element Plug In Oncommand System Manager +9
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2020-25649 HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-2324 HIGH PATCH This Week

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cvs
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-2322 HIGH PATCH This Week

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Chaos Monkey
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-6111 HIGH This Week

An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Micrologix 1100 B Firmware
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-5680 HIGH This Week

Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ec Cube
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5676 HIGH This Week

GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Growi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy