Skip to main content
CVE-2020-10057 HIGH POC This Week

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation CSRF Genixcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-7988 HIGH POC This Week

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpipam
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-9372 HIGH POC This Week

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Appointment Booking Calendar
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
8.6%
CVE-2020-5536 HIGH This Week

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openblocks Iot Vx2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-5535 HIGH This Week

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Openblocks Iot Vx2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-3128 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Webex Meetings Webex Meetings Online +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-3127 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Webex Meetings Webex Meetings Online +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-8661 HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-8659 HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-7130 HIGH This Week

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneview Global Dashboard
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-9476 HIGH This Week

ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arris Tg1692A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-3155 HIGH This Week

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Intelligence Proximity Jabber Meeting +5
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2020-3148 HIGH This Week

A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Prime Network Registrar
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy