Skip to main content
CVE-2020-7350 HIGH POC Act Now

Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Metasploit
NVD GitHub
CVSS 3.1
7.8
EPSS
4.9%
CVE-2020-11539 HIGH POC This Week

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sf Rush Smart Band Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-5740 HIGH POC This Week

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft Media Server
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-10892 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-10890 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-11011 HIGH PATCH This Week

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Phproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-8477 HIGH This Week

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Abb 800Xa Information Manager
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-10712 HIGH This Week

A flaw was found in OpenShift Container Platform version 4.1 and later. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-10913 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
6.6%
CVE-2020-10912 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10911 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10910 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10909 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10908 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10907 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10906 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10904 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10902 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10900 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10899 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10898 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10897 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10896 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10895 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-10893 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10891 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10889 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-7490 HIGH This Week

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vijeo Designer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8474 HIGH This Week

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa Base System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7488 HIGH This Week

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine Somachine Motion Modicon M218 Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2020-8867 HIGH PATCH This Week

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unified Architecture Net Standard
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-11506 HIGH This Week

An issue was discovered in GitLab 10.7.0 and later through 12.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Request Smuggling Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11505 HIGH This Week

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Request Smuggling Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12066 HIGH PATCH This Week

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teeworlds Backports Sle Leap Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-11795 HIGH This Week

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Space
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-11693 HIGH This Week

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-11691 HIGH This Week

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-11688 HIGH This Week

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-11687 HIGH This Week

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-11685 HIGH This Week

In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Goland
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-12059 HIGH PATCH This Week

An issue was discovered in Ceph through 13.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ceph Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy