Skip to main content
CVE-2020-0796 CRITICAL POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft Windows 10 1903 Windows 10 1909 +2
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
99.8%
CVE-2020-0787 HIGH POC KEV EUVD KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1709 +14
NVD
CVSS 3.1
7.8
EPSS
42.5%
CVE-2020-10109 CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-10108 CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +3
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-9436 HIGH POC This Week

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tc Router 3002T 4G Firmware Tc Router 2002T 3G Firmware Tc Router 3002T 4G Vzw Firmware Tc Router 3002T 4G Att Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-10478 HIGH POC This Week

CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE CSRF PHP Phpkb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-9543 HIGH POC PATCH This Week

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Manila
NVD
CVSS 3.1
8.3
EPSS
1.2%
CVE-2020-8435 HIGH POC This Week

An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Registrationmagic
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2020-10532 HIGH POC This Week

The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Ad Helper Firmware
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-9435 HIGH POC This Week

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tc Router 3002T 4G Firmware Tc Router 2002T 3G Firmware Tc Router 3002T 4G Vzw Firmware Tc Router 3002T 4G Att Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10390 HIGH POC This Week

OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Phpkb
NVD
CVSS 3.1
7.2
EPSS
4.3%
CVE-2020-10389 HIGH POC This Week

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Phpkb
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
4.9%
CVE-2020-10386 HIGH POC THREAT This Week

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Phpkb
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
12.3%
CVE-2020-6858 MEDIUM POC PATCH This Month

Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Styx
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-10501 MEDIUM POC This Month

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpkb
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-10498 MEDIUM POC This Month

CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpkb
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-10497 MEDIUM POC This Month

CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpkb
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-10458 MEDIUM POC This Month

Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Path Traversal Phpkb
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-8436 MEDIUM POC This Month

XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Registrationmagic
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-10461 MEDIUM POC This Month

The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10534 CRITICAL PATCH Act Now

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-0902 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Service Fabric
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-0690 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2020-0872 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Application Inspector
NVD
CVSS 3.1
9.6
EPSS
9.9%
CVE-2020-10388 MEDIUM POC This Month

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-7600 MEDIUM POC PATCH This Month

querymen prior to 2.1.4 allows modification of object properties. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Querymen
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-10460 MEDIUM POC This Month

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Phpkb
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-10387 MEDIUM POC This Month

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Phpkb
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
7.8%
CVE-2020-0583 HIGH This Week

Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Smart Sound Technology
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-10531 HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode Enterprise Linux Desktop Enterprise Linux Server +8
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-0883 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
22.0%
CVE-2020-0881 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
16.5%
CVE-2020-0869 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-0850 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office 365 Proplus Office Online Server +4
NVD
CVSS 3.1
8.8
EPSS
8.6%
CVE-2020-0816 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge
NVD
CVSS 3.1
8.8
EPSS
10.4%
CVE-2020-0809 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2020-0807 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2020-0801 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2020-0684 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
8.7%
CVE-2020-10477 MEDIUM POC This Month

Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10476 MEDIUM POC This Month

Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10475 MEDIUM POC This Month

Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10474 MEDIUM POC This Month

Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10473 MEDIUM POC This Month

Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10472 MEDIUM POC This Month

Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10471 MEDIUM POC This Month

Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-10470 MEDIUM POC This Month

Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10469 MEDIUM POC This Month

Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10468 MEDIUM POC This Month

Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-10467 MEDIUM POC This Month

Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpkb
NVD
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy