Skip to main content
CVE-2020-10884 HIGH POC THREAT Act Now

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE TP-Link Ac1750 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
24.7%
CVE-2020-10882 HIGH POC THREAT Act Now

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection TP-Link Ac1750 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
44.7%
CVE-2020-10883 HIGH POC Act Now

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation TP-Link Ac1750 Firmware
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
5.9%
CVE-2020-6811 HIGH POC This Week

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Command Injection Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-10965 HIGH POC PATCH This Week

Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Pcoip Management Console
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-10649 HIGH POC This Week

DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Device Activation
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-9375 HIGH POC THREAT This Week

TP-Link Archer C50 V3 devices before Build 200318 Rel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Archer C50
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
28.2%
CVE-2020-10963 HIGH POC THREAT This Week

FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Laravel Administrator
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
14.7%
CVE-2020-6807 HIGH This Week

When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6806 HIGH This Week

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-6805 HIGH This Week

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-3790 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020 +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-3780 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020 +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3779 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020 +1
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-3776 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3774 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3773 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020 +1
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-3772 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3770 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020 +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3802 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat Dc +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-2171 HIGH PATCH This Week

Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rapiddeploy
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2168 HIGH PATCH This Week

Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Jenkins Azure Container Service
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2167 HIGH PATCH This Week

Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Openshift Pipeline
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-2166 HIGH PATCH This Week

Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Pipeline
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2160 HIGH PATCH This Week

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-5558 HIGH This Week

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Cutenews
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-9552 HIGH PATCH This Week

Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2020-9551 HIGH PATCH This Week

Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-3803 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-3766 HIGH This Week

Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Adobe Privilege Escalation Genuine Integrity Service
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-6809 HIGH This Week

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3777 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-3769 HIGH This Week

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe SSRF Information Disclosure Experience Manager
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-3761 HIGH This Week

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coldfusion
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-5281 HIGH PATCH This Week

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection LDAP Information Disclosure Perun
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5280 HIGH PATCH This Week

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-3806 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-3804 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-3800 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-2165 HIGH PATCH This Week

Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Artifactory
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy