Skip to main content
CVE-2020-35151 HIGH POC This Week

The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-35606 HIGH POC THREAT This Week

Arbitrary command execution can occur in Webmin through 1.962. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webmin
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
28.0%
CVE-2020-26284 HIGH POC PATCH This Week

Hugo is a fast and Flexible Static Site Generator built in Go. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Microsoft Command Injection Hugo
NVD GitHub
CVSS 3.1
8.5
EPSS
1.5%
CVE-2020-35273 HIGH POC This Week

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF User Registration Login System With Admin Panel
NVD Exploit-DB VulDB
CVSS 3.1
8.0
EPSS
0.6%
CVE-2020-17526 HIGH POC PATCH THREAT This Week

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Airflow
NVD
CVSS 3.1
7.7
EPSS
23.3%
CVE-2020-35623 HIGH POC PATCH This Week

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-29596 HIGH POC This Week

MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Miniweb Http Server
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-26263 HIGH POC PATCH This Week

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Microsoft Information Disclosure Tlslite Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35626 HIGH PATCH This Week

An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Mediawiki
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-35625 HIGH This Week

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Mediawiki
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-26281 HIGH PATCH This Week

async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Request Smuggling Information Disclosure Async H1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-6882 HIGH This Week

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn E8810 Firmware Zxhn E8820 Firmware Zxhn E8822 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-6881 HIGH This Week

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxhn E8810 Firmware Zxhn E8820 Firmware Zxhn E8822 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-5808 HIGH This Week

In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tenable Sc
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4870 HIGH PATCH This Week

IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-27254 HIGH This Week

Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF - all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy