Skip to main content
CVE-2020-11586 CRITICAL POC Act Now

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cipace
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11598 CRITICAL POC Act Now

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Cipace
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-11597 CRITICAL POC Act Now

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cipace
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-11545 CRITICAL POC Act Now

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Official Car Rental System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7622 CRITICAL POC PATCH Act Now

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jooby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7636 CRITICAL POC Act Now

adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Adb Driver
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7635 CRITICAL POC Act Now

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Compass Compile
NVD GitHub
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7634 CRITICAL POC PATCH Act Now

heroku-addonpool through 0.1.15 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Heroku Addonpool
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-7633 CRITICAL POC Act Now

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Apiconnect Cli Plugins
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7632 CRITICAL POC Act Now

node-mpv through 1.4.3 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Node Mpv
NVD GitHub
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7631 CRITICAL POC Act Now

diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Diskusage Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-11580 CRITICAL POC Act Now

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Apple Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-11582 HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Ivanti Information Disclosure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-11581 HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ivanti Command Injection Apple Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
8.1
EPSS
9.8%
CVE-2020-11587 HIGH POC This Week

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11599 HIGH POC This Week

An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cipace
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-11596 HIGH POC This Week

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cipace
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-11595 HIGH POC This Week

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11594 HIGH POC This Week

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11593 HIGH POC This Week

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Cipace
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-11592 HIGH POC This Week

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11589 HIGH POC This Week

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cipace
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-8004 HIGH POC This Week

STMicroelectronics STM32F1 devices have Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Stm32F1 Firmware
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-10267 HIGH POC This Week

Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ur Software
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-11544 HIGH POC This Week

An issue was discovered in Project Worlds Official Car Rental System 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Official Car Rental System
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-9473 MEDIUM POC This Month

The S. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Sg 150 0 Firmware
NVD
CVSS 3.1
6.6
EPSS
1.0%
CVE-2020-10265 CRITICAL Act Now

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ur Software
NVD
CVSS 3.1
9.4
EPSS
1.4%
CVE-2020-11591 MEDIUM POC This Month

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11590 MEDIUM POC This Month

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11588 MEDIUM POC This Month

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7639 MEDIUM POC PATCH This Month

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dot
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-7638 MEDIUM POC PATCH This Month

confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Confinit
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7637 MEDIUM POC PATCH This Month

class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Class Transformer
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-10264 HIGH This Week

CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Ur Software
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-11585 MEDIUM POC This Month

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dotnetnuke
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-10266 HIGH This Week

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ur
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-5832 HIGH This Week

Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Data Center Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-11507 HIGH This Week

An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adwcleaner
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-11565 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.6.2. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-11102 MEDIUM This Month

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
5.6
EPSS
1.9%
CVE-2020-1728 MEDIUM This Month

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Quarkus
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-5300 MEDIUM PATCH This Month

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Hydra
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy