Skip to main content
CVE-2020-7609 CRITICAL POC PATCH Act Now

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Node Rules
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-9294 CRITICAL POC THREAT Act Now

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fortimail Fortivoice
NVD GitHub
CVSS 3.1
9.8
EPSS
77.8%
CVE-2020-12133 CRITICAL POC Act Now

The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Electric Consciousmap
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-11817 CRITICAL POC Act Now

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-12271 CRITICAL POC KEV THREAT Act Now

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE SQLi Sfos
NVD
CVSS 3.1
9.8
EPSS
42.2%
CVE-2020-12268 CRITICAL POC PATCH Act Now

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Jbig2Dec Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-12267 CRITICAL POC PATCH Act Now

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Qt
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11941 HIGH POC This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-12138 HIGH POC This Week

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amd Atillk64
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-12242 HIGH POC This Week

Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Source
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-7067 HIGH POC PATCH This Week

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +1
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-12120 HIGH POC This Week

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Correos Express
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12273 HIGH POC PATCH This Week

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Testlink
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12270 MEDIUM POC This Month

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bluezone
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-11822 MEDIUM POC This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7640 CRITICAL PATCH Act Now

pixl-class prior to 1.0.3 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Pixl Class
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-1952 CRITICAL PATCH Act Now

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-12279 CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-12278 CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-9068 CRITICAL Act Now

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Ar3200 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-12274 CRITICAL PATCH Act Now

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Testlink
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11821 MEDIUM POC This Month

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rukovoditel
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-12272 MEDIUM POC This Month

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opendmarc Fedora
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-1762 HIGH PATCH This Week

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Kiali Openshift Service Mesh
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2020-10996 HIGH This Week

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xtradb Cluster
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-7135 HIGH This Week

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Service Pack For Proliant
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11810 LOW POC PATCH Monitor

An issue was discovered in OpenVPN 2.4.x before 2.4.9. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Code Injection Openvpn Debian Linux Fedora
NVD GitHub
CVSS 3.1
3.7
EPSS
1.6%
CVE-2020-9481 HIGH PATCH This Week

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12266 HIGH This Week

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wl Wn579G3 Firmware Wl Wn575A3 Firmware Wl Wn530Hg4 Firmware Wn531G3 Firmware +11
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10664 HIGH This Week

The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1806 HIGH This Week

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Honor V10 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-1805 HIGH This Week

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Honor V10 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-1804 HIGH This Week

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Honor V10 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-9072 MEDIUM This Month

Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Huawei Osd Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-1845 MEDIUM This Month

Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Huawei Pcmanager
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-11420 MEDIUM This Month

UPS Adapter CS141 before 1.90 allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cs141 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-10997 MEDIUM This Month

Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xtrabackup
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-12052 MEDIUM This Month

Grafana version < 6.7.3 is vulnerable for annotation popup XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Grafana
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-1880 MEDIUM This Month

Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Lion Al00C Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9489 MEDIUM PATCH This Month

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Tika Flexcube Private Banking Primavera Unifier +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2020-1722 MEDIUM This Month

A flaw was found in all ipa versions 4.x.x through 4.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Freeipa Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11415 MEDIUM PATCH This Month

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2020-9488 LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J Communications Application Session Controller Communications Billing And Revenue Management +43
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2020-1807 LOW Monitor

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2020-11869 LOW PATCH Monitor

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu
NVD
CVSS 3.1
3.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy