Skip to main content
CVE-2020-35627 HIGH POC This Week

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Gift Cards
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-35766 HIGH POC This Week

The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opendkim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-25507 HIGH POC This Week

An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Teamwork Cloud
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-14273 HIGH POC This Week

HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Domino
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-29194 HIGH POC This Week

Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wv S2231L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-28094 HIGH POC This Week

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Ac1200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-24360 HIGH POC This Week

An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Eos
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2020-28093 HIGH POC This Week

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Ac1200 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-28096 MEDIUM POC This Month

FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Foscam X1 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-13474 MEDIUM POC This Month

In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Accounts
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-29245 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29244 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29243 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29242 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-35738 MEDIUM POC This Month

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Wavpack Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-26569 MEDIUM POC This Month

In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-27172 CRITICAL Act Now

An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure G Data
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-35613 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.1
9.8
EPSS
28.4%
CVE-2020-26030 CRITICAL Act Now

An issue was discovered in Zammad before 3.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-26290 CRITICAL PATCH Act Now

Dex is a federated OpenID Connect provider written in Go. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mattermost Jwt Attack Authentication Bypass Dex
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-13473 MEDIUM POC This Month

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Accounts
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15898 MEDIUM POC This Month

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-13476 MEDIUM POC This Month

NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Express Invoice
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-35616 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2020-35612 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Joomla
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-35611 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35610 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26289 HIGH PATCH This Week

date-and-time is an npm package for manipulating date and time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Date And Time
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-29160 HIGH PATCH This Week

An issue was discovered in Zammad before 3.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Zammad
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-26032 HIGH This Week

An SSRF issue was discovered in Zammad before 3.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-29193 MEDIUM This Month

Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wv S2231L Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-26029 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-27837 MEDIUM PATCH This Month

A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Race Condition Authentication Bypass Gnome Display Manager
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-35615 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2020-35730 MEDIUM KEV PATCH THREAT This Month

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
32.8%
CVE-2020-26035 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26033 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zammad
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-35614 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-29159 MEDIUM PATCH This Month

An issue was discovered in Zammad before 3.5.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zammad
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-26028 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-29158 MEDIUM PATCH This Month

An issue was discovered in Zammad before 3.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Zammad
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26034 MEDIUM This Month

An account-enumeration issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26031 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zammad
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy