Skip to main content
CVE-2020-10199 HIGH POC KEV PATCH THREAT Act Now

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Nexus
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
99.1%
CVE-2020-10948 CRITICAL POC Act Now

Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Alienform2
NVD GitHub
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-10867 CRITICAL POC Act Now

An issue was discovered in Avast Antivirus before 20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-11455 CRITICAL POC PATCH THREAT Act Now

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Path Traversal Limesurvey
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.0%
CVE-2020-11465 HIGH POC This Week

An issue was discovered in Deskpro before 2019.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Deskpro
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-7065 HIGH POC PATCH This Week

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Stack Overflow PHP Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2020-11469 HIGH POC This Week

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Apple Information Disclosure Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10862 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11463 HIGH POC This Week

An issue was discovered in Deskpro before 2019.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Deskpro
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10868 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10866 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10865 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10863 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-10861 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10860 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11449 HIGH POC This Week

An issue was discovered on Technicolor TC7337 8.89.17 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tc7337 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10231 HIGH POC This Week

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service TP-Link Nc450 Firmware Nc260 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-11467 HIGH POC This Week

An issue was discovered in Deskpro before 2019.8.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Deskpro
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2020-5290 MEDIUM POC This Month

In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Session Fixation Rctf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-10864 MEDIUM POC This Month

An issue was discovered in Avast Antivirus before 20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-1943 MEDIUM POC THREAT This Month

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 3.1
6.1
EPSS
97.3%
CVE-2020-6009 CRITICAL Act Now

LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Learndash
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-3850 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-3849 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-3848 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-3847 CRITICAL Act Now

An out-of-bounds read was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-9769 CRITICAL Act Now

Multiple issues were addressed by updating to version 8.1.1850. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3911 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-3910 CRITICAL Act Now

A buffer overflow was addressed with improved size validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-3909 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple Icloud Itunes +6
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-7947 CRITICAL Act Now

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Code Injection Login By Auth0
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-11457 MEDIUM POC PATCH This Month

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Pfsense
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
9.3%
CVE-2020-11456 MEDIUM POC PATCH THREAT This Month

LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Limesurvey
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
70.8%
CVE-2020-7064 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Debian Linux Ubuntu Linux +2
NVD
CVSS 3.1
5.4
EPSS
4.3%
CVE-2020-9783 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-3901 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Memory Corruption Apple Icloud +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3900 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-3899 HIGH This Week

A memory consumption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2020-3897 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Memory Corruption Apple Icloud +6
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-3895 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-3883 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X Ipad Os Iphone Os +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-7948 HIGH This Week

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Login By Auth0
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-5391 HIGH This Week

Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Auth0
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-8144 HIGH This Week

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Microsoft Path Traversal Unifi Video
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2020-11466 MEDIUM POC This Month

An issue was discovered in Deskpro before 2019.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deskpro
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-11464 MEDIUM POC This Month

An issue was discovered in Deskpro before 2019.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deskpro
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-7066 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Tenable Sc Leap Debian Linux
NVD
CVSS 3.1
4.3
EPSS
2.8%
CVE-2020-6096 HIGH This Week

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Glibc Fedora Debian Linux
NVD
CVSS 3.1
8.1
EPSS
5.2%
CVE-2020-8146 HIGH This Week

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Privilege Escalation Microsoft Unifi Video
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-9785 HIGH This Week

Multiple memory corruption issues were addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy