Skip to main content
CVE-2020-8657 CRITICAL POC KEV THREAT Emergency

An issue was discovered in EyesOfNetwork 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
91.9%
CVE-2020-8772 CRITICAL POC THREAT Emergency

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Infinitewp Client
NVD
CVSS 3.1
9.8
EPSS
87.9%
CVE-2020-6760 CRITICAL POC Act Now

Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zi 620 V400 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-8771 CRITICAL POC THREAT Act Now

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Time Capsule
NVD
CVSS 3.1
9.8
EPSS
46.5%
CVE-2020-8658 HIGH POC This Week

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP Htaccess
NVD GitHub
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-8648 HIGH POC This Week

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +8
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-5720 MEDIUM POC This Month

MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mikrotik Path Traversal Winbox
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-8649 MEDIUM POC This Month

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-8636 CRITICAL Act Now

An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Opmon
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-7954 HIGH This Week

An issue was discovered in OpServices OpMon 9.3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apache Privilege Escalation Authentication Bypass Opmon
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5319 HIGH This Week

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5318 HIGH This Week

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7953 HIGH This Week

An issue was discovered in OpServices OpMon 9.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opmon
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7920 HIGH PATCH This Week

pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Monitoring And Management
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5856 HIGH This Week

On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-6856 MEDIUM This Month

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jobscheduler
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-6855 MEDIUM This Month

A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jobscheduler
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-6767 MEDIUM PATCH This Month

A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Video Management System Viewer Video Management System
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-5528 MEDIUM This Month

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-8647 MEDIUM PATCH This Month

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-5854 MEDIUM This Month

On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +13
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-8608 MEDIUM PATCH This Month

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libslirp Debian Linux Leap
NVD
CVSS 3.1
5.6
EPSS
2.5%
CVE-2020-5317 MEDIUM This Month

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Emc Elastic Cloud Storage
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-5855 MEDIUM This Month

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy