Skip to main content
CVE-2020-10199 HIGH POC KEV PATCH THREAT Act Now

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Nexus
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
99.1%
CVE-2020-11465 HIGH POC This Week

An issue was discovered in Deskpro before 2019.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Deskpro
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-7065 HIGH POC PATCH This Week

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Stack Overflow PHP Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2020-11469 HIGH POC This Week

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Apple Information Disclosure Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10862 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11463 HIGH POC This Week

An issue was discovered in Deskpro before 2019.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Deskpro
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10868 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10866 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10865 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10863 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-10861 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10860 HIGH POC This Week

An issue was discovered in Avast Antivirus before 20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Antivirus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11449 HIGH POC This Week

An issue was discovered on Technicolor TC7337 8.89.17 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tc7337 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10231 HIGH POC This Week

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service TP-Link Nc450 Firmware Nc260 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-11467 HIGH POC This Week

An issue was discovered in Deskpro before 2019.8.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Deskpro
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2020-9783 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-3901 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Memory Corruption Apple Icloud +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3900 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-3899 HIGH This Week

A memory consumption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2020-3897 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Memory Corruption Apple Icloud +6
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-3895 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-3883 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X Ipad Os Iphone Os +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-7948 HIGH This Week

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Login By Auth0
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-5391 HIGH This Week

Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Auth0
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-8144 HIGH This Week

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Microsoft Path Traversal Unifi Video
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2020-6096 HIGH This Week

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Glibc Fedora Debian Linux
NVD
CVSS 3.1
8.1
EPSS
5.2%
CVE-2020-8146 HIGH This Week

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Privilege Escalation Microsoft Unifi Video
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-9785 HIGH This Week

Multiple memory corruption issues were addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-9768 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple RCE Use After Free +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3919 HIGH This Week

A memory initialization issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3913 HIGH This Week

A permissions issue existed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-3906 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-3905 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3904 HIGH This Week

Multiple memory corruption issues were addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3903 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3893 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3892 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-5548 HIGH This Week

Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rtx830 Firmware Nvr510 Firmware Nvr700W Firmware Rtx1210 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10204 HIGH PATCH This Week

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Nexus
NVD
CVSS 3.1
7.2
EPSS
24.3%
CVE-2020-3912 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-3908 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-3907 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy