Skip to main content
CVE-2020-9465 CRITICAL POC THREAT Emergency

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
82.2%
CVE-2020-8132 CRITICAL POC Act Now

Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Code Injection Pdf Image
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-9463 HIGH POC This Week

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Centreon
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2020-9442 HIGH POC This Week

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Connect
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8127 MEDIUM POC PATCH This Month

Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reveal Js
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-9447 MEDIUM POC This Month

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Gwtupload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9459 MEDIUM POC This Month

Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Modern Events Calendar Lite
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-9449 HIGH This Week

An insecure random number generation vulnerability in BlaB!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Blab Ax Blab Ax Pro Blab Ws Blab Ws Pro
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-1844 HIGH This Week

PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Huawei Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-1881 HIGH This Week

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware Oceanstor 5310 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-1876 HIGH This Week

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-1873 HIGH This Week

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-1860 HIGH This Week

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-5247 HIGH PATCH This Week

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Puma Ruby Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-6804 MEDIUM PATCH This Month

A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webthings Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6803 MEDIUM PATCH This Month

An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Webthings Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9466 MEDIUM This Month

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Code Injection Export Users To Csv
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-1875 MEDIUM This Month

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1874 MEDIUM This Month

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1792 MEDIUM This Month

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Honor V10 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9399 MEDIUM This Month

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Antivirus For Linux Antivirus Pro Antivirus Pro Plus
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1877 MEDIUM This Month

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-1861 MEDIUM This Month

CloudEngine 12800 with versions of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Cloudengine 12800 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy