Lucene search
K

92388 matches found

OSV
OSV
added 18 hours ago10 views

ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root

Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...

7.4CVSS8AI score0.05213EPSS
Exploits1
Nuclei
Nuclei
added 19 hours ago172 views

IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...

8.2CVSS7AI score0.3159EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago115 views

Cockpit CMS 0.6.1 - Remote Code Execution

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. id: CVE-2020-35131 info: name: Cockpit CMS 0.6.1 ...

9.8CVSS7.1AI score0.51299EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago82 views

JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure

JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.18645EPSS
Exploits0References5
Nuclei
Nuclei
added 19 hours ago89 views

Rocket.Chat <3.9.1 - Information Disclosure

Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-28208 info: name: Rocket.Chat 3.9.1 -...

5.3CVSS6.3AI score0.11419EPSS
Exploits2References5
Nuclei
Nuclei
added 19 hours ago96 views

Car Rental Management System 1.0 - Local File Inclusion

Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution. id: CVE-2020-29227 info: name: Car Rental Management System 1.0 - Local File Inclusion author:...

9.8CVSS7.2AI score0.16822EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago57 views

Lotus Core CMS 1.0.1 - Local File Inclusion

Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...

8.8CVSS7AI score0.10808EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago55 views

Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...

9.8CVSS7.1AI score0.68398EPSS
Exploits9References5
Nuclei
Nuclei
added 19 hours ago37 views

WordPress Simple File List - Path Traversal

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...

9.8CVSS7AI score0.07131EPSS
Exploits0References2
Nuclei
Nuclei
added 19 hours ago36 views

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...

5.3CVSS6.2AI score0.01648EPSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago22 views

Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)

Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...

5.8CVSS6.3AI score0.02698EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago89 views

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

9CVSS7.1AI score0.67289EPSS
Exploits4References5
Nuclei
Nuclei
added 19 hours ago74 views

Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting

Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATHINFO variable to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page. id:...

6.1CVSS6.3AI score0.15987EPSS
Exploits3References5
Nuclei
Nuclei
added 19 hours ago59 views

Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure

Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. id: CVE-2020-27361 info: name: Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure author: gy741 severity: high description: Akkadian Provisioning Manager 4.50.0...

7.5CVSS7AI score0.06714EPSS
Exploits0References2
Nuclei
Nuclei
added 19 hours ago86 views

Processwire CMS <2.7.1 - Local File Inclusion

Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...

7.8CVSS7AI score0.15737EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago115 views

FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core. id: CVE-2020-9548 info: name: FasterXML Jackson Databind =2.9.10.4 - Remote Code Execution author: tomaquet18...

9.8CVSS7AI score0.18345EPSS
Exploits0References5
Nuclei
Nuclei
added 19 hours ago138 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7AI score0.10695EPSS
Exploits0References5
Nuclei
Nuclei
added 19 hours ago86 views

SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution

SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the systemlog.cgi page. id: CVE-2020-17456 info: name: SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution author: gy741,edoardottt severity: critical description: SEOWON INTECH...

9.8CVSS7.5AI score0.71691EPSS
Exploits8References5
Nuclei
Nuclei
added 19 hours ago127 views

OX Appsuite - Cross-Site Scripting

OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...

6.1CVSS6.4AI score0.06788EPSS
Exploits3References5
Nuclei
Nuclei
added 19 hours ago52 views

WordPress PayPal Pro <1.1.65 - SQL Injection

WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format. id: CVE-2020-14092 info: name: WordPress PayPal Pro 1.1.65 - SQL Injection...

9.8CVSS7.1AI score0.9453EPSS
Exploits1References5
Rows per page
Query Builder