Skip to main content
CVE-2020-26165 HIGH POC This Week

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Qdpm
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-19664 HIGH POC This Week

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor2960 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.3%
CVE-2020-35882 HIGH POC PATCH This Week

An issue was discovered in the rocket crate before 0.4.5 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Rocket
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35874 HIGH POC PATCH This Week

An issue was discovered in the internment crate through 2020-05-28 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Internment
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35906 HIGH POC PATCH This Week

An issue was discovered in the futures-task crate before 0.3.6 for Rust. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Futures Task
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-35891 HIGH POC This Week

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ordnung
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35890 HIGH POC This Week

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ordnung
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35864 HIGH POC PATCH This Week

An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flatbuffers
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-35861 HIGH POC PATCH This Week

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bumpalo
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-35857 HIGH POC PATCH This Week

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Trust Dns Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35901 HIGH POC PATCH This Week

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Actix Http
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35889 HIGH This Week

An issue was discovered in the crayon crate through 2020-08-31 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Crayon
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-35871 HIGH PATCH This Week

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35931 HIGH PATCH This Week

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Apple Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-35743 HIGH This Week

HGiga MailSherlock contains a SQL injection flaw. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Msr45 Isherlock Antispam Msr45 Isherlock User Ssr45 Isherlock Antispam Ssr45 Isherlock User
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2020-35742 HIGH This Week

HGiga MailSherlock contains a vulnerability of SQL Injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Msr45 Isherlock Antispam Msr45 Isherlock User Ssr45 Isherlock Antispam Ssr45 Isherlock User
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2020-35896 HIGH This Week

An issue was discovered in the ws crate through 2020-09-25 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ws Rs
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35894 HIGH PATCH This Week

An issue was discovered in the obstack crate before 0.1.4 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Obstack
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-35893 HIGH PATCH This Week

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simple Slab
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35875 HIGH PATCH This Week

An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tokio Rustls
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35865 HIGH PATCH This Week

An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Os Str Bytes
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35909 HIGH PATCH This Week

An issue was discovered in the multihash crate before 0.11.3 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Multihash
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-25850 HIGH This Week

The function, view the source code, of HGiga MailSherlock does not validate specific characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Msr45 Isherlock User Ssr45 Isherlock User
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25842 HIGH This Week

The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nhiservisignadapter
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-13654 HIGH PATCH This Week

XWiki Platform before 12.8 mishandles escaping in the property displayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-25846 HIGH This Week

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nhiservisignadapter
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2020-25845 HIGH This Week

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nhiservisignadapter
NVD
CVSS 3.1
7.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy