Skip to main content
CVE-2020-35847 CRITICAL POC PATCH THREAT Act Now

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Cockpit
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
98.3%
CVE-2020-35846 CRITICAL POC PATCH THREAT Act Now

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Cockpit
NVD GitHub
CVSS 3.1
9.8
EPSS
93.2%
CVE-2020-10208 CRITICAL POC Act Now

Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
9.9
EPSS
4.1%
CVE-2020-35848 CRITICAL POC PATCH THREAT Act Now

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Cockpit
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
75.0%
CVE-2020-27848 HIGH POC PATCH This Week

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dotcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-35782 HIGH POC This Week

Certain NETGEAR devices are affected by lack of access control at the function level. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware Jgs524E Firmware Jgs524Pe Firmware +1
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-10209 HIGH POC This Week

Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2020-29228 HIGH POC This Week

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi User Registration And Login System With Admin Panel
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-28095 HIGH POC This Week

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-35737 HIGH POC THREAT This Week

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Egov
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
10.3%
CVE-2020-35849 HIGH POC PATCH This Week

An issue was discovered in MantisBT before 2.24.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Mantisbt
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-28413 MEDIUM POC PATCH This Month

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mantisbt
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
4.7%
CVE-2020-5811 MEDIUM POC PATCH This Month

An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Umbraco Cms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
9.4%
CVE-2020-35850 MEDIUM POC This Month

An SSRF issue was discovered in cockpit-project.org Cockpit 234. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cockpit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-29230 MEDIUM POC This Month

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Registration And Login System With Admin Panel
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-11103 CRITICAL Act Now

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webswing
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-35173 CRITICAL PATCH Act Now

The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Amaze File Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-29594 CRITICAL PATCH Act Now

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rocket Chat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35799 CRITICAL Act Now

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption D3600 Firmware D6000 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-35797 CRITICAL Act Now

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Netgear Command Injection Nms300 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35796 CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Cbr40 Firmware D6220 Firmware D6400 Firmware +66
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35795 CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +74
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-29231 MEDIUM POC This Month

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Registration And Login System With Admin Panel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-5810 MEDIUM POC THREAT This Month

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco Cms
NVD
CVSS 3.1
5.4
EPSS
66.2%
CVE-2020-5809 MEDIUM POC This Month

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco Cms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-29469 MEDIUM POC This Month

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-29233 MEDIUM POC This Month

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-35800 CRITICAL Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +124
NVD
CVSS 3.1
9.4
EPSS
1.9%
CVE-2020-29477 MEDIUM POC This Month

Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Community
NVD Exploit-DB VulDB
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-28736 HIGH PATCH This Week

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Plone
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-28735 HIGH PATCH This Week

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Plone
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-28734 HIGH PATCH This Week

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Plone
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-35241 MEDIUM POC This Month

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatpress
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.1%
CVE-2020-35240 MEDIUM POC This Month

FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fluxbb
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2020-35789 HIGH This Week

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Nms300 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-35785 HIGH This Week

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Dgn2200 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-35778 HIGH This Week

Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear CSRF Gs716T Firmware Gs724T Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-26296 HIGH PATCH This Week

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Node.js Vega
NVD GitHub
CVSS 3.1
8.7
EPSS
1.4%
CVE-2020-35779 HIGH This Week

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Nms300 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2020-35777 HIGH This Week

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Dgn2200V1 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2020-10206 MEDIUM POC This Month

Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-35839 HIGH This Week

Certain NETGEAR devices are affected by Stored XSS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +5
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-35831 HIGH This Week

Certain NETGEAR devices are affected by stored XSS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-35787 HIGH This Week

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear D3600 Firmware D6000 Firmware D6200 Firmware +23
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2020-35798 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection R6400V2 Firmware R6700V3 Firmware R6900P Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-35841 HIGH This Week

Certain NETGEAR devices are affected by stored XSS. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D6200 Firmware D7000 Firmware Jnr1010V2 Firmware +15
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2020-35802 HIGH This Week

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbw30 Firmware Rax75 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-35801 HIGH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware Jgs524E Firmware Jgs524Pe Firmware +1
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2020-35784 HIGH This Week

Certain NETGEAR devices are affected by lack of access control at the function level. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware Jgs524E Firmware Jgs524Pe Firmware +1
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-35794 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbs40V Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
6.8
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy