Skip to main content
CVE-2020-35276 CRITICAL POC Act Now

EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ecm Address Book
NVD VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-35605 CRITICAL POC PATCH Act Now

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Kitty Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-35604 CRITICAL POC Act Now

An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Web Time And Attendance
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-21378 CRITICAL POC Act Now

SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-21377 CRITICAL POC Act Now

SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yunyecms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-27846 CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml Openshift Container Platform Openshift Service Mesh +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-35151 HIGH POC This Week

The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-35606 HIGH POC THREAT This Week

Arbitrary command execution can occur in Webmin through 1.962. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webmin
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
28.0%
CVE-2020-26284 HIGH POC PATCH This Week

Hugo is a fast and Flexible Static Site Generator built in Go. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Microsoft Command Injection Hugo
NVD GitHub
CVSS 3.1
8.5
EPSS
1.5%
CVE-2020-35273 HIGH POC This Week

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF User Registration Login System With Admin Panel
NVD Exploit-DB VulDB
CVSS 3.1
8.0
EPSS
0.6%
CVE-2020-17526 HIGH POC PATCH THREAT This Week

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Airflow
NVD
CVSS 3.1
7.7
EPSS
23.3%
CVE-2020-35623 HIGH POC PATCH This Week

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-29596 HIGH POC This Week

MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Miniweb Http Server
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-26263 HIGH POC PATCH This Week

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Microsoft Information Disclosure Tlslite Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25860 MEDIUM POC This Month

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Rauc
NVD GitHub
CVSS 3.1
6.6
EPSS
1.4%
CVE-2020-4757 MEDIUM POC PATCH This Month

IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS IBM Content Navigator
NVD
CVSS 3.1
6.4
EPSS
1.3%
CVE-2020-26275 MEDIUM POC PATCH This Month

The Jupyter Server provides the backend (i.e. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Jupyter Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-26049 MEDIUM POC This Month

Nifty-PM CPE 2.3 is affected by stored HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Nifty Pm
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-8995 CRITICAL Act Now

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bilanc
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-11717 CRITICAL Act Now

An issue was discovered in Programi 014 31.01.2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bilanc
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-4988 CRITICAL Act Now

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Loopback
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-35590 CRITICAL Act Now

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP Limit Login Attempts Reloaded
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-35275 MEDIUM POC This Month

Coastercms v5.8.18 is affected by cross-site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coastercms
NVD Exploit-DB VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-35589 MEDIUM POC This Month

The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Limit Login Attempts Reloaded
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-35274 MEDIUM POC This Month

DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD Exploit-DB VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35626 HIGH PATCH This Week

An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Mediawiki
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-35625 HIGH This Week

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Mediawiki
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-26281 HIGH PATCH This Week

async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Request Smuggling Information Disclosure Async H1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-6882 HIGH This Week

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn E8810 Firmware Zxhn E8820 Firmware Zxhn E8822 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-6881 HIGH This Week

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxhn E8810 Firmware Zxhn E8820 Firmware Zxhn E8822 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-5808 HIGH This Week

In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tenable Sc
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4870 HIGH PATCH This Week

IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-27254 HIGH This Week

Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF - all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-14225 MEDIUM This Month

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Inotes
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-35497 MEDIUM This Month

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ovirt Engine Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-3999 MEDIUM PATCH This Month

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation ESXi Fusion
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-35622 MEDIUM PATCH This Month

An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26277 MEDIUM PATCH This Month

DBdeployer is a tool that deploys MySQL database servers easily. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Dbdeployer
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-4840 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Security Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-4841 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4794 MEDIUM PATCH This Month

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Denial Of Service IBM Authentication Bypass Automation Workstream Services Business Process Manager +1
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4555 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Session Fixation Information Disclosure Financial Transaction Manager
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-35624 MEDIUM PATCH This Month

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-26422 MEDIUM PATCH This Month

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Wireshark Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
4.7%
CVE-2020-4842 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-4843 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-29447 MEDIUM This Month

Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian File Upload Denial Of Service Crucible
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy