Skip to main content
CVE-2020-11542 CRITICAL POC Act Now

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Infinias Eidc32 Firmware Infinias Eidc32 Web
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-11528 HIGH POC This Week

bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Bit2Spr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11529 MEDIUM POC PATCH THREAT This Month

Common/Grav.php in Grav before 1.7 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect PHP Grav
NVD GitHub
CVSS 3.1
6.1
EPSS
10.9%
CVE-2020-11518 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho RCE Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.8
EPSS
18.8%
CVE-2020-5348 HIGH This Week

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE Latitude 7202 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-11527 HIGH This Week

In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Opmanager
NVD
CVSS 3.1
7.5
EPSS
9.5%
CVE-2020-5347 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-11533 MEDIUM This Month

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Workspace Control
NVD
CVSS 3.1
5.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy