Skip to main content
CVE-2020-25889 CRITICAL POC Act Now

Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Bus Booking System
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-26254 HIGH POC PATCH This Week

omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Apple Omniauth Apple
NVD GitHub
CVSS 3.1
7.7
EPSS
1.3%
CVE-2020-28946 HIGH POC This Week

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ik 401 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-29540 HIGH POC This Week

API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pure Neural Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-26233 HIGH POC PATCH This Week

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Microsoft Apple Git Credential Manager Core
NVD GitHub
CVSS 3.1
7.3
EPSS
5.9%
CVE-2020-27752 HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/quantum-private.h. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-26256 MEDIUM POC PATCH This Month

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js Denial Of Service Fast Csv
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-25664 MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14206 MEDIUM POC This Month

The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Divebook
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-28274 CRITICAL Act Now

Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Deepref
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29602 CRITICAL Act Now

The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29601 CRITICAL Act Now

The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Notary Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29581 CRITICAL Act Now

The official spiped docker images before 1.5-alpine contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Spiped Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29580 CRITICAL Act Now

The official storm Docker images before 1.2.1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Storm Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29579 CRITICAL Act Now

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Express Gateway Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29577 CRITICAL Act Now

The official znc docker images before 1.7.1-slim contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Znc Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29576 CRITICAL Act Now

The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Eggdrop Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-29575 CRITICAL Act Now

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Elixir Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-29564 CRITICAL Act Now

The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Consul Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2020-29578 CRITICAL Act Now

The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Piwik Fpm Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-17531 CRITICAL PATCH Act Now

A Java Serialization vulnerability was found in Apache Tapestry 4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Tapestry
NVD
CVSS 3.1
9.8
EPSS
9.7%
CVE-2020-27756 MEDIUM POC This Month

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-27753 MEDIUM POC This Month

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-27750 MEDIUM POC This Month

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25676 MEDIUM POC This Month

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-25674 MEDIUM POC This Month

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25667 MEDIUM POC This Month

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-25665 MEDIUM POC This Month

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25663 MEDIUM POC PATCH This Month

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-25955 MEDIUM POC This Month

SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Student Management System Project In Php
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-29539 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pure Neural Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14205 MEDIUM POC This Month

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Divebook
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-26255 CRITICAL PATCH Act Now

Kirby is a CMS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Kirby Panel
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-27906 HIGH This Week

Multiple integer overflows were addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Integer Overflow macOS
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-9950 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple RCE Use After Free +5
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-9947 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +8
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-25629 HIGH PATCH This Week

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-27918 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +12
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-27932 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple Icloud Itunes +5
NVD
CVSS 3.1
7.8
EPSS
10.3%
CVE-2020-27930 HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
22.2%
CVE-2020-27927 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-27926 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple RCE Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-27917 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +8
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-27916 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-27912 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-27911 HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Microsoft Integer Overflow Icloud +6
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2020-27910 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-27909 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-27905 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-27904 HIGH This Week

A logic issue existed resulting in memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
3.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy