Skip to main content
CVE-2020-1938 CRITICAL POC KEV PATCH THREAT Act Now

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache File Upload RCE Tomcat Geode +19
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.3%
CVE-2020-9374 CRITICAL POC THREAT Act Now

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection TP-Link Tl Wr849N Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
42.0%
CVE-2020-5245 HIGH POC PATCH This Week

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java RCE Dropwizard Validation Blockchain Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-5187 HIGH POC PATCH This Week

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dotnetnuke
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-9381 HIGH POC PATCH This Week

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Authentication Bypass Total Js Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-9365 HIGH POC PATCH This Week

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Pure Ftpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
7.1%
CVE-2020-8131 HIGH POC PATCH This Week

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Path Traversal Yarn
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-5188 MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-8130 MEDIUM POC PATCH This Month

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Command Injection Rake Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-9366 CRITICAL PATCH Act Now

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Screen
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-4222 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection Spectrum Protect
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2020-4213 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection Spectrum Protect
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2020-4212 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE IBM Spectrum Protect
NVD
CVSS 3.1
9.8
EPSS
15.0%
CVE-2020-4211 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection Spectrum Protect
NVD
CVSS 3.1
9.8
EPSS
71.1%
CVE-2020-4210 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection Spectrum Protect
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2020-9382 MEDIUM POC PATCH This Month

An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Widgets
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-5186 MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-1937 HIGH PATCH This Week

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Kylin
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-9363 HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix Endpoint Protection Intercept X Endpoint +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-9362 HIGH This Week

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Antivirus For Server Antivirus Pro Home Security +3
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-9369 HIGH PATCH This Week

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sympa Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-5244 HIGH PATCH This Week

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Buddypress
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-1935 MEDIUM PATCH This Month

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Request Smuggling Tomcat Information Disclosure Debian Linux +18
NVD
CVSS 3.1
4.8
EPSS
9.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy