Skip to main content
CVE-2020-7630 CRITICAL POC Act Now

git-add-remote through 1.0.0 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Add Remote
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7629 CRITICAL POC Act Now

install-package through 0.4.0 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Install Package
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7627 CRITICAL POC Act Now

node-key-sender through 1.0.11 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Node Key Sender
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7626 CRITICAL POC Act Now

karma-mojo through 1.0.1 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Karma Mojo
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-7625 CRITICAL POC Act Now

op-browser through 1.0.6 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Op Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7624 CRITICAL POC Act Now

effect through 1.0.4 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Effect
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-6852 CRITICAL POC Act Now

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tv 288Zd 2Mp Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-11498 HIGH POC PATCH This Week

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Nebula
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-11107 HIGH POC THREAT This Week

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Xampp
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
22.5%
CVE-2020-8835 HIGH POC PATCH This Week

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Fedora +25
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2020-8015 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Exim
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-9349 HIGH POC This Week

The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tv 288Zd 2Mp Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-11450 HIGH POC PATCH THREAT This Week

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Microstrategy Web
NVD
CVSS 3.1
7.5
EPSS
17.8%
CVE-2020-8423 HIGH POC This Week

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE TP-Link Tl Wr841n Firmware
NVD
CVSS 3.1
7.2
EPSS
9.3%
CVE-2020-11451 HIGH POC PATCH This Week

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload SSRF Microstrategy Web
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-11490 HIGH POC This Week

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zen Load Balancer
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-8016 HIGH POC This Week

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Texlive Filesystem
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-11499 MEDIUM POC This Month

Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Firmware Analysis And Comparison Tool
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-7628 CRITICAL Act Now

umount through 1.1.6 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Install Package Umount
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-10515 CRITICAL Act Now

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Unified Communication Collaboration Client
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-7623 CRITICAL Act Now

jscover through 1.0.0 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Jscover
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-7621 CRITICAL Act Now

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nginx Strongloop Nginx Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-7620 CRITICAL Act Now

pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Pomelo Monitor
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-7619 CRITICAL Act Now

get-git-data through 1.3.1 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Get Git Data
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-7617 CRITICAL PATCH Act Now

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Ini Parser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11454 MEDIUM POC PATCH This Month

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microstrategy Web
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-11453 MEDIUM POC PATCH This Month

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Microstrategy Web
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2020-11458 MEDIUM POC PATCH This Month

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-11491 MEDIUM POC This Month

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zen Load Balancer
NVD GitHub
CVSS 3.1
4.9
EPSS
7.9%
CVE-2020-11444 HIGH PATCH This Week

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Nexus
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2020-11100 HIGH This Week

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Haproxy Debian Linux +4
NVD
CVSS 3.1
8.8
EPSS
60.7%
CVE-2020-11452 MEDIUM POC PATCH This Month

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microstrategy Web
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-9067 HIGH This Week

There is a buffer overflow vulnerability in some Huawei products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Smartax Ma5600T Firmware Smartax Ma5800 Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2020-4325 MEDIUM This Month

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java IBM Information Disclosure Cloud Pak For Automation Process Federation Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-8017 MEDIUM This Month

A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Texlive Filesystem Leap
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-4304 MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4303 MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-1927 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Http Server Fedora Debian Linux +11
NVD
CVSS 3.1
6.1
EPSS
56.7%
CVE-2020-11494 MEDIUM PATCH This Month

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Leap Debian Linux +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy