Skip to main content
CVE-2020-5847 CRITICAL POC KEV THREAT Emergency

Unraid through 6.8.0 allows unauthenticated remote code execution (CVE-2020-5847, CVSS 9.8, EPSS 93.5%). This critical vulnerability in the popular NAS operating system enables attackers to execute arbitrary code without authentication, compromising all data stored on the NAS and all Docker containers/VMs running on the Unraid system.

RCE Unraid
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
93.5%
Threat
7.8
CVE-2020-5849 HIGH POC KEV THREAT Act Now

Unraid 6.8.0 contains an authentication bypass vulnerability (CVE-2020-5849, CVSS 7.5, EPSS 93.8%) that allows remote attackers to bypass login protections. Companion to CVE-2020-5847 (RCE), these two vulnerabilities together provide complete unauthenticated access and code execution on affected Unraid NAS systems.

Authentication Bypass Unraid
NVD VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
93.8%
Threat
7.3
CVE-2020-10230 CRITICAL POC THREAT Act Now

{SESSION_HASH}/admin/loader_ajax.php term parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Webpanel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
14.7%
CVE-2020-9471 HIGH POC This Week

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-10557 HIGH POC This Week

An issue was discovered in AContent through 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Acontent
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-7982 HIGH POC PATCH This Week

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Lede Openwrt
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-6582 HIGH POC This Week

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Remote Plug In Executor Fedora
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-6581 HIGH POC This Week

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Remote Plug In Executor Fedora
NVD
CVSS 3.1
7.3
EPSS
1.6%
CVE-2020-5844 HIGH POC THREAT This Week

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pandora Fms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
30.3%
CVE-2020-9472 MEDIUM POC PATCH This Month

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-6990 CRITICAL Act Now

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-9347 CRITICAL Act Now

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Code Injection Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2020-8786 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8785 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8784 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8783 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-10243 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-5547 CRITICAL PATCH Act Now

Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-5545 CRITICAL PATCH Act Now

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-5544 CRITICAL PATCH Act Now

Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-5543 CRITICAL PATCH Act Now

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-5542 CRITICAL PATCH Act Now

Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-1753 MEDIUM POC PATCH This Month

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Ansible Engine Ansible Tower Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-7608 MEDIUM POC PATCH This Month

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Yargs Parser
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-9346 HIGH This Week

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Manageengine Password Manager Pro
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-3947 HIGH This Week

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption VMware Fusion +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-6585 HIGH This Week

Nagios Log Server 2.1.3 has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nagios
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10241 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-10239 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-5546 HIGH PATCH This Week

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Code Injection Iu1 1M20 D Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-1735 MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-3948 HIGH This Week

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion Workstation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6984 HIGH This Week

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-6988 HIGH This Week

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2020-8787 HIGH This Week

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suitecrm
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-7919 HIGH PATCH This Week

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Debian Linux Fedora Cloud Insights Telegraf
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-7248 HIGH PATCH This Week

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Openwrt
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-9321 HIGH PATCH This Week

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Traefik Traefik Enterprise
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-10238 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
5.6%
CVE-2020-1736 LOW POC PATCH Monitor

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-7916 MEDIUM This Month

be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP Learnpress
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6584 MEDIUM This Month

Nagios Log Server 2.1.3 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2020-10242 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-6175 MEDIUM This Month

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Citrix Sd Wan Center Netscaler Sd Wan Center
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-6586 MEDIUM This Month

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios
NVD
CVSS 3.1
5.4
EPSS
27.3%
CVE-2020-10240 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-9518 MEDIUM This Month

Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-9519 MEDIUM This Month

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-1740 MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible Ansible Tower Cloudforms Management Engine +3
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-1738 LOW PATCH Monitor

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack
NVD GitHub
CVSS 3.1
3.9
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy