Skip to main content
CVE-2020-28931 HIGH POC This Week

Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eps Tse Server 8 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26258 HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
7.7
EPSS
82.2%
CVE-2020-35133 HIGH POC This Week

irfanView 4.56 contains an error processing parsing files of type .pcx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Irfanview
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-28458 HIGH POC PATCH This Week

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Datatables Net
NVD GitHub
CVSS 3.1
7.3
EPSS
3.7%
CVE-2020-29607 HIGH POC THREAT This Week

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pluck
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
33.4%
CVE-2020-26274 HIGH PATCH This Week

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Node.js Command Injection Systeminformation
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-7837 HIGH This Week

An issue was discovered in ML Report Program. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Polaris Ml Report
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-25622 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF N Central
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-25618 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N Central
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-25617 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal N Central
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25621 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2020-25620 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5360 HIGH PATCH This Week

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Bsafe Micro Edition Suite Database Http Server +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-14254 HIGH PATCH This Week

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bigfix Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-29363 HIGH PATCH This Week

An issue was discovered in p11-kit 0.23.6 through 0.23.21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption P11 Kit Debian Linux Communications Cloud Native Core Policy
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-29361 HIGH This Week

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow P11 Kit Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-5683 HIGH This Week

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Growi
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-5682 HIGH This Week

Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Growi
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy