Skip to main content
CVE-2020-10181 CRITICAL POC KEV THREAT Act Now

goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Enhanced Multimedia Router Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.2%
CVE-2020-7943 HIGH POC This Week

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Puppet Enterprise Puppet Server Puppetdb
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2020-1947 CRITICAL PATCH Act Now

In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Shardingsphere
NVD
CVSS 3.1
9.8
EPSS
33.9%
CVE-2020-8540 CRITICAL Act Now

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF XXE Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2020-5203 CRITICAL PATCH Act Now

In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fat Free Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-10376 CRITICAL Act Now

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tc7337Net Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-7598 MEDIUM POC PATCH This Month

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Minimist Leap
NVD
CVSS 3.1
5.6
EPSS
1.9%
CVE-2020-1733 MEDIUM POC PATCH This Month

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2020-9408 HIGH This Week

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-5958 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft RCE Nvidia Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1981 HIGH This Week

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1980 HIGH This Week

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.1 versions earlier than PAN-OS 8.1.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-1979 HIGH This Week

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Paloalto Pan Os
NVD
CVSS 3.1
7.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy