Skip to main content
CVE-2020-5722 CRITICAL POC KEV THREAT Emergency

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ucm6200 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
83.9%
CVE-2020-10879 CRITICAL POC PATCH THREAT Act Now

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection PHP Rconfig
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
83.9%
CVE-2020-6449 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6429 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6428 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6427 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-6422 HIGH POC This Week

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-9759 HIGH POC This Week

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Webos
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10875 HIGH POC This Week

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Fx9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10874 HIGH POC This Week

Motorola FX9500 devices allow remote attackers to read database files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fx9500 41324D41 Us Firmware Fx9500 41324D41 Ww Firmware Fx9500 81324D41 Us Firmware Fx9500 81324D41 Ww Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10364 HIGH POC This Week

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-9392 HIGH POC This Week

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Pricing Table By Supsystic
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2020-8511 HIGH POC This Week

In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2020-7935 HIGH POC This Week

Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2020-8866 MEDIUM POC This Month

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Groupware Horde Form Debian Linux
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
9.6%
CVE-2020-6426 MEDIUM POC This Month

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +4
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2020-8838 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Zoho Microsoft RCE Manageengine Assetexplorer
NVD
CVSS 3.1
6.4
EPSS
1.6%
CVE-2020-8865 MEDIUM POC This Month

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Groupware Debian Linux
NVD Exploit-DB
CVSS 3.1
6.3
EPSS
6.8%
CVE-2020-1944 CRITICAL Act Now

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-8868 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Foglight Evolve
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2020-6967 CRITICAL Act Now

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Deserialization Factorytalk Services Platform
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2020-7480 CRITICAL Act Now

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-7475 CRITICAL Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ecostruxure Control Expert Unity Pro Modicon M340 Firmware Modicon M580 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-9760 CRITICAL PATCH Act Now

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Weechat Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-9752 CRITICAL Act Now

Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Explorer
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-10871 MEDIUM POC PATCH This Month

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Luci
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-8497 MEDIUM POC This Month

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pandora Fms
NVD
CVSS 3.1
5.3
EPSS
5.3%
CVE-2020-10661 CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-8864 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE D-Link Dir 878 Firmware Dir 882 Firmware Dir 867 Firmware
NVD
CVSS 3.1
8.8
EPSS
80.2%
CVE-2020-8863 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 878 Firmware Dir 882 Firmware Dir 867 Firmware
NVD
CVSS 3.1
8.8
EPSS
76.7%
CVE-2020-8875 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-6424 HIGH This Week

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-6420 HIGH This Week

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-10793 HIGH This Week

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Codeigniter
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6650 HIGH PATCH This Week

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Code Injection Ups Companion
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-7479 HIGH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-7476 HIGH This Week

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ulti Zigbee Installation Toolkit
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7474 HIGH This Week

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pmepxm0100 Prosoft Configurator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7477 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 140Noe77101 Firmware 140Noe77111 Firmware Tsxh5744M Firmware Tsxh5724M Firmware +24
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-8859 HIGH This Week

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Electronic Logbook
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-7478 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Interactive Graphical Scada System
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-10593 HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-10592 HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Leap
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-8874 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8873 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8871 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107 . Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2020-7482 MEDIUM This Month

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware Andover Continuum Bcx4040 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7481 MEDIUM This Month

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware Andover Continuum Bcx4040 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10870 MEDIUM This Month

Zim through 0.72.1 creates temporary directories with predictable names. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Zim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8876 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
5.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy