Skip to main content
CVE-2020-6841 CRITICAL POC Act Now

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP Dch M225 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-9330 HIGH POC PATCH This Week

Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Workcentre 3655 Firmware Workcentre 3655I Firmware Workcentre 5845 Firmware Workcentre 5855 Firmware +14
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-5243 HIGH POC PATCH This Week

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Uap Core
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-9329 MEDIUM POC This Month

Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Gogs
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-5524 HIGH This Week

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg2600Hs Firmware Aterm Wf1200C Firmware Aterm Wg1200Cr Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-5534 HIGH This Week

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Aterm Wg2600Hs Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-5525 HIGH This Week

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Aterm Wg2600Hs Firmware Aterm Wf1200C Firmware Aterm Wg1200Cr Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-9327 HIGH PATCH This Week

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite Cloud Backup Ubuntu Linux +8
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-7907 HIGH This Week

In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scala
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-6842 HIGH This Week

D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link Dch M225 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-5533 MEDIUM This Month

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aterm Wg2600Hs Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5326 MEDIUM This Month

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Intel Authentication Bypass Chengming 3980 Firmware G3 3579 Firmware +172
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-5324 MEDIUM This Month

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. Rated medium severity (CVSS 4.4). No vendor patch available.

Dell Information Disclosure G3 3579 Firmware G3 3779 Firmware G3 15 3590 Firmware +110
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy