Skip to main content
CVE-2020-5849 HIGH POC KEV THREAT Act Now

Unraid 6.8.0 contains an authentication bypass vulnerability (CVE-2020-5849, CVSS 7.5, EPSS 93.8%) that allows remote attackers to bypass login protections. Companion to CVE-2020-5847 (RCE), these two vulnerabilities together provide complete unauthenticated access and code execution on affected Unraid NAS systems.

Authentication Bypass Unraid
NVD VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
93.8%
Threat
7.3
CVE-2020-9471 HIGH POC This Week

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-10557 HIGH POC This Week

An issue was discovered in AContent through 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Acontent
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-7982 HIGH POC PATCH This Week

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Lede Openwrt
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-6582 HIGH POC This Week

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Remote Plug In Executor Fedora
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-6581 HIGH POC This Week

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Remote Plug In Executor Fedora
NVD
CVSS 3.1
7.3
EPSS
1.6%
CVE-2020-5844 HIGH POC THREAT This Week

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pandora Fms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
30.3%
CVE-2020-9346 HIGH This Week

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Manageengine Password Manager Pro
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-3947 HIGH This Week

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption VMware Fusion +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-6585 HIGH This Week

Nagios Log Server 2.1.3 has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nagios
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10241 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-10239 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-5546 HIGH PATCH This Week

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Code Injection Iu1 1M20 D Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-3948 HIGH This Week

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion Workstation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6984 HIGH This Week

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-6988 HIGH This Week

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2020-8787 HIGH This Week

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suitecrm
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-7919 HIGH PATCH This Week

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Debian Linux Fedora Cloud Insights Telegraf
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-7248 HIGH PATCH This Week

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Openwrt
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-9321 HIGH PATCH This Week

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Traefik Traefik Enterprise
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-10238 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
5.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy