Skip to main content
CVE-2020-10915 CRITICAL POC THREAT Emergency

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization One
NVD GitHub
CVSS 3.1
9.8
EPSS
86.6%
CVE-2020-10914 CRITICAL POC THREAT Emergency

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization One
NVD GitHub
CVSS 3.1
9.8
EPSS
47.0%
CVE-2020-7350 HIGH POC Act Now

Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Metasploit
NVD GitHub
CVSS 3.1
7.8
EPSS
4.9%
CVE-2020-7055 CRITICAL POC Act Now

An issue was discovered in Elementor 2.7.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Elementor Page Builder
NVD
CVSS 3.1
9.9
EPSS
3.1%
CVE-2020-11539 HIGH POC This Week

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sf Rush Smart Band Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-5740 HIGH POC This Week

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft Media Server
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-1983 MEDIUM POC PATCH This Month

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Libslirp Fedora +3
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-7489 CRITICAL PATCH Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert - Basic or SoMachine Basic programming. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Ecostruxure Machine Expert Somachine Basic Modicon M100 Firmware Modicon M200 Firmware +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-7487 CRITICAL Act Now

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine Somachine Motion Modicon M218 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-11796 CRITICAL Act Now

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Space
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11690 CRITICAL Act Now

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-8831 MEDIUM POC This Month

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Apport
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-7642 MEDIUM POC PATCH This Month

lazysizes through 5.2.0 allows execution of malicious JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Lazysizes
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-10892 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-10890 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-11011 HIGH PATCH This Week

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Phproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-8477 HIGH This Week

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Abb 800Xa Information Manager
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-8833 MEDIUM POC This Month

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Apport
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-10712 HIGH This Week

A flaw was found in OpenShift Container Platform version 4.1 and later. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-10913 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
6.6%
CVE-2020-10912 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10911 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10910 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10909 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10908 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10907 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10906 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10904 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10902 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10900 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10899 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10898 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10897 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10896 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10895 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10893 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10891 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10889 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-7490 HIGH This Week

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vijeo Designer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8474 HIGH This Week

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa Base System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7488 HIGH This Week

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine Somachine Motion Modicon M218 Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2020-8867 HIGH PATCH This Week

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unified Architecture Net Standard
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-11506 HIGH This Week

An issue was discovered in GitLab 10.7.0 and later through 12.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Request Smuggling Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11505 HIGH This Week

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Request Smuggling Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12066 HIGH PATCH This Week

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teeworlds Backports Sle Leap Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-11795 HIGH This Week

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Space
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-11693 HIGH This Week

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-11691 HIGH This Week

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-11688 HIGH This Week

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-11687 HIGH This Week

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy