Skip to main content
CVE-2020-7961 CRITICAL POC KEV PATCH THREAT Act Now

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Liferay Portal
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
Threat
8.0
CVE-2020-10799 CRITICAL POC PATCH Act Now

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python XXE Svglib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8137 CRITICAL POC PATCH Act Now

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Blamer
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-8135 CRITICAL POC PATCH Act Now

The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Uppy
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-8134 HIGH POC PATCH This Week

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ghost
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-10682 HIGH POC This Week

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Cms Made Simple
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-8136 HIGH POC PATCH This Week

Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastify Multipart
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-9425 HIGH POC PATCH THREAT This Week

An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Rconfig
NVD GitHub
CVSS 3.1
7.5
EPSS
16.7%
CVE-2020-8140 MEDIUM POC This Month

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Nextcloud Code Injection Apple Desktop
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-8138 MEDIUM POC This Month

A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud SSRF Nextcloud Server
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-10558 MEDIUM POC This Month

The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Model 3 Web Interface
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-9345 MEDIUM POC This Month

An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Signopad Api Web
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-9343 MEDIUM POC This Month

An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Signopad Api Web
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-9344 MEDIUM POC This Month

Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subversion Application Lifecycle Management
NVD
CVSS 3.1
6.1
EPSS
5.2%
CVE-2020-10681 MEDIUM POC This Month

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8882 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-8881 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-8880 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-8878 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2020-1864 HIGH This Week

Some Huawei products have a security vulnerability due to improper authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Authentication Bypass Secospace Antiddos8000 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-1709 HIGH This Week

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openshift
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10792 HIGH PATCH This Week

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Openitcockpit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-10597 HIGH This Week

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Delta Industrial Automation Dopsoft
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-1707 HIGH This Week

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation PostgreSQL Openshift
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-1796 MEDIUM This Month

There is an improper authorization vulnerability in several smartphones. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 30 Pro Firmware
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2020-8139 MEDIUM This Month

A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-10194 MEDIUM PATCH This Month

cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass Zm Mailbox
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-1878 MEDIUM This Month

Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Authentication Bypass Oxfords An00A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1696 MEDIUM This Month

A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Certificate System Dogtagpki
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-1794 MEDIUM This Month

There is an improper authentication vulnerability in several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 30 Pro Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-1793 MEDIUM This Month

There is an improper authentication vulnerability in several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 30 Pro Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-8883 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
4.3
EPSS
8.4%
CVE-2020-8879 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
4.3
EPSS
8.2%
CVE-2020-8877 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
4.3
EPSS
8.2%
CVE-2020-1879 LOW Monitor

There is an improper integrity checking vulnerability on some huawei products. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Hege 560 Firmware Hege 570 Firmware Osca 550 Firmware +3
NVD
CVSS 3.1
3.9
EPSS
0.1%
CVE-2020-1862 LOW Monitor

There is a double free vulnerability in some Huawei products. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Campusinsight Manageone
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2020-1795 LOW Monitor

There is a logic error vulnerability in several smartphones. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 30 Pro Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy