Skip to main content
CVE-2020-9054 CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE Nas326 Firmware Nas520 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2020-9757 CRITICAL POC PATCH THREAT Act Now

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Craft Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
73.4%
CVE-2020-10057 HIGH POC This Week

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation CSRF Genixcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-7988 HIGH POC This Week

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpipam
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-9372 HIGH POC This Week

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Appointment Booking Calendar
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
8.6%
CVE-2020-9550 CRITICAL Act Now

Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smarthome Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-9477 CRITICAL Act Now

An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hga12R 02 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-9761 CRITICAL Act Now

An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Asycuda World
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-10029 MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical Glibc Fedora +9
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-9364 MEDIUM POC This Month

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Creative Contact Form
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-9371 MEDIUM POC This Month

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Appointment Booking Calendar
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
3.6%
CVE-2020-5536 HIGH This Week

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openblocks Iot Vx2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-5535 HIGH This Week

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Openblocks Iot Vx2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-3128 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Webex Meetings Webex Meetings Online +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-3127 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Webex Meetings Webex Meetings Online +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-8661 HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-8659 HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-7130 HIGH This Week

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneview Global Dashboard
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-9476 HIGH This Week

ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arris Tg1692A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-3155 HIGH This Week

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Intelligence Proximity Jabber Meeting +5
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2020-3148 HIGH This Week

A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Prime Network Registrar
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-3176 MEDIUM This Month

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Remote Phy 120 Firmware Remote Phy 220 Firmware Remote Phy Shelf 7200 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3181 MEDIUM This Month

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-3192 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Provisioning
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3190 MEDIUM This Month

A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
5.8
EPSS
1.3%
CVE-2020-3185 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Telepresence Management Suite
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3157 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8660 MEDIUM This Month

CNCF Envoy through 1.13.0 TLS inspector bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-8664 MEDIUM This Month

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-3193 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3164 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Cloud Email Security Content Security Management Appliance Email Security Appliance +1
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-5251 MEDIUM PATCH This Month

In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Parse Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-3182 MEDIUM This Month

A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Webex Meetings
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy