Skip to main content
CVE-2020-9276 HIGH POC This Week

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dsl 2640B Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-11010 HIGH PATCH This Week

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Tortoise Orm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-11753 HIGH PATCH This Week

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Nexus Repository Manager 3
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-5569 HIGH This Week

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Password Tool For Windows
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2020-11946 HIGH This Week

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Opmanager
NVD
CVSS 3.1
7.5
EPSS
51.8%
CVE-2020-3946 HIGH This Week

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Installbuilder
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy