Skip to main content
CVE-2020-29600 CRITICAL POC Act Now

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-29597 CRITICAL POC THREAT Act Now

IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Incomcms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
71.0%
CVE-2020-29595 CRITICAL POC Act Now

PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Photo Studio 2021
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-5800 CRITICAL POC Act Now

The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Apple Eat Spray Love
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-5799 CRITICAL POC Act Now

The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Eat Spray Love
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13945 MEDIUM POC PATCH THREAT This Month

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apache Information Disclosure Apisix
NVD
CVSS 3.1
6.5
EPSS
73.0%
CVE-2020-27151 HIGH POC This Week

An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kata Containers
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-29599 HIGH POC This Week

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
7.5%
CVE-2020-5798 HIGH POC This Week

inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Insync
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-26513 MEDIUM POC This Month

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Codebeamer
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-9247 HIGH This Week

There is a buffer overflow vulnerability in several Huawei products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Honor 20 Pro Firmware Mate 20 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-26122 HIGH This Week

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Nf8480M5 Firmware Nf8260M5 Firmware Ns5162M5 Firmware +12
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-28727 MEDIUM PATCH This Month

Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Seeddms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8566 MEDIUM PATCH This Month

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8565 MEDIUM PATCH This Month

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8564 MEDIUM PATCH This Month

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Docker Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8563 MEDIUM PATCH This Month

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-28935 MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Name Server Daemon Unbound Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-17521 MEDIUM PATCH This Month

Apache Groovy provides extension methods to aid with creating temporary directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Java Information Disclosure Groovy Snapcenter +19
NVD
CVSS 3.1
5.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy