Skip to main content
CVE-2020-3250 CRITICAL POC THREAT Emergency

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD GitHub
CVSS 3.1
9.8
EPSS
60.2%
CVE-2020-3243 CRITICAL POC THREAT Emergency

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD GitHub
CVSS 3.1
9.8
EPSS
88.4%
CVE-2020-2883 CRITICAL POC KEV THREAT Emergency

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD GitHub
CVSS 3.1
9.8
EPSS
94.9%
CVE-2020-3161 CRITICAL POC KEV THREAT Act Now

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Denial Of Service Ip Phone 8865 Firmware Ip Phone 8851 Firmware Ip Phone 7841 Firmware +10
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
83.7%
CVE-2020-11799 CRITICAL POC Act Now

Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Z Cron
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11729 CRITICAL POC Act Now

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Andrew S Web Libraries Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-2733 CRITICAL POC THREAT Act Now

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
9.8
EPSS
18.6%
CVE-2020-4272 HIGH POC This Week

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE IBM Path Traversal Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-2944 HIGH POC PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Oracle Solaris
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-4270 HIGH POC This Week

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-1027 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Memory Corruption Windows 10 1507 Windows 10 1607 +15
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2020-2851 HIGH POC This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Rated high severity (CVSS 7.8). Public exploit code available and no vendor patch available.

Oracle Information Disclosure Solaris
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-4269 HIGH POC This Week

IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-4294 MEDIUM POC This Month

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

IBM SSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.3
EPSS
1.2%
CVE-2020-4271 MEDIUM POC This Month

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

IBM Deserialization Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.3
EPSS
1.7%
CVE-2020-3248 CRITICAL Act Now

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
9.8
EPSS
73.9%
CVE-2020-3247 CRITICAL Act Now

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
9.8
EPSS
75.1%
CVE-2020-11658 CRITICAL Act Now

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ca Api Developer Portal
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-6996 CRITICAL Act Now

Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Dnp3 Source Code Library
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10611 CRITICAL Act Now

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Scada Data Gateway
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-11790 CRITICAL Act Now

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R7800 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-11789 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R6400 Firmware R6700 Firmware R6900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-1026 CRITICAL PATCH Act Now

A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Research Javascript Cryptography Library
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-11537 CRITICAL Act Now

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-11536 CRITICAL Act Now

An issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-11535 CRITICAL Act Now

An issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11534 CRITICAL Act Now

An issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-2961 CRITICAL PATCH Act Now

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-2953 CRITICAL PATCH Act Now

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Retail Customer Management And Segmentation Foundation
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-2950 CRITICAL PATCH Act Now

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Business Intelligence
NVD
CVSS 3.1
9.8
EPSS
71.0%
CVE-2020-2931 CRITICAL Act Now

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Knowledge
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-2915 CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-2884 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-2801 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-2791 CRITICAL Act Now

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Knowledge
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-10511 CRITICAL Act Now

HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Oaklouds Ccm Il
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-10507 CRITICAL Act Now

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload The School Manage System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10505 CRITICAL Act Now

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi The School Manage System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-5721 MEDIUM POC This Month

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mikrotik Winbox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-4274 MEDIUM POC This Month

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-3251 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
8.8
EPSS
61.5%
CVE-2020-3239 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
8.8
EPSS
73.6%
CVE-2020-11666 HIGH This Week

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ca Api Developer Portal
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-11788 HIGH This Week

Certain NETGEAR devices are affected by authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass D6200 Firmware D7000 Firmware Pr2000 Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-0578 HIGH This Week

Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Compute Module Mfs2600Ki Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0577 HIGH This Week

Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Compute Module Mfs2600Ki Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-1020 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Adobe Memory Corruption RCE +16
NVD
CVSS 3.1
8.8
EPSS
65.0%
CVE-2020-0981 HIGH PATCH This Week

A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-0979 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office 365 Proplus
NVD
CVSS 3.1
8.8
EPSS
11.3%
CVE-2020-0974 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
10.7%
Page 1 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy