Skip to main content
CVE-2020-8656 CRITICAL POC THREAT Emergency

An issue was discovered in EyesOfNetwork 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
84.6%
CVE-2020-8654 HIGH POC THREAT Act Now

An issue was discovered in EyesOfNetwork 5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
85.6%
CVE-2020-8655 HIGH POC KEV THREAT Act Now

An issue was discovered in EyesOfNetwork 5.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Privilege Escalation Eyesofnetwork
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
58.1%
CVE-2020-8645 CRITICAL POC Act Now

An issue was discovered in Simplejobscript.com SJS through 1.66. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simplejobscript
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-8788 MEDIUM POC This Month

Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clearcanvas
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6770 CRITICAL Act Now

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Bosch Video Management System Mobile Video Service Divar Ip 3000 Firmware Divar Ip 7000 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-8796 CRITICAL Act Now

Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Secure File Transfer
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-8812 MEDIUM POC This Month

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6769 CRITICAL PATCH Act Now

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Video Streaming Gateway Divar Ip 2000 Firmware Divar Ip 5000 Firmware
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2020-8811 MEDIUM POC This Month

ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Bludit
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-8808 HIGH PATCH This Week

The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Icue
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8126 HIGH This Week

A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Edgeswitch
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-6768 HIGH PATCH This Week

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Video Management System Viewer Video Management System
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-1708 HIGH This Week

It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Openshift Container Platform
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-1700 MEDIUM This Month

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Openshift Container Storage Leap Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-1768 MEDIUM This Month

The external frontend system uses numerous background calls to the backend. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy