Skip to main content
CVE-2020-11942 CRITICAL POC Act Now

An issue was discovered in Open-AudIT 3.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Open Audit
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-12471 CRITICAL POC Act Now

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Monox
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-11020 CRITICAL POC PATCH Act Now

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Faye
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12443 CRITICAL POC PATCH Act Now

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Nginx Path Traversal Bigbluebutton
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-12479 HIGH POC This Week

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Teampass
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-11943 HIGH POC THREAT This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Audit
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-12461 HIGH POC PATCH This Week

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11677 HIGH POC This Week

Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11676 HIGH POC This Week

Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11675 HIGH POC This Week

Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11674 HIGH POC This Week

Cerner medico 26.00 allows variable reuse, possibly causing data corruption. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-12246 HIGH POC This Week

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart Box Firmware
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-12468 HIGH POC This Week

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Subrion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-12478 HIGH POC This Week

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
7.5
EPSS
8.6%
CVE-2020-12477 HIGH POC This Week

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12447 HIGH POC THREAT This Week

A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tx Nr585 Firmware
NVD
CVSS 3.1
7.5
EPSS
14.1%
CVE-2020-11022 MEDIUM POC PATCH This Month

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Jquery Drupal Debian Linux Fedora +66
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.9
EPSS
2.1%
CVE-2020-12470 HIGH POC This Week

MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Information Disclosure Monox
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-12473 HIGH POC This Week

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monox
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-12464 MEDIUM POC PATCH This Month

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +9
NVD GitHub
CVSS 3.1
6.7
EPSS
0.8%
CVE-2020-12469 MEDIUM POC This Month

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Subrion
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12467 MEDIUM POC This Month

Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Subrion
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-11023 MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux Fedora Drupal +48
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
83.8%
CVE-2020-8481 CRITICAL Act Now

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa System
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-8479 CRITICAL Act Now

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XXE 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-12458 MEDIUM POC PATCH This Month

An information-disclosure flaw was found in Grafana through 6.7.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Ceph Storage Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-12472 MEDIUM POC This Month

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-3955 CRITICAL PATCH Act Now

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware ESXi
NVD
CVSS 3.1
9.3
EPSS
1.3%
CVE-2020-7452 CRITICAL PATCH Act Now

In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Freebsd
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2020-8775 HIGH This Week

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
8.9
EPSS
0.8%
CVE-2020-8773 HIGH This Week

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
8.9
EPSS
0.8%
CVE-2020-8774 HIGH This Week

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-11024 HIGH PATCH This Week

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable.

Information Disclosure Apple Moonlight
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2020-12446 HIGH This Week

The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trident Z Lighting Control
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11446 HIGH This Week

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Eset Privilege Escalation Antivirus And Antispyware Endpoint Antivirus Endpoint Security +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8489 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Information Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8488 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Batch Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8487 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Base System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8486 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Rnrp
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8485 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation Microsoft 800Xa
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8484 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation Microsoft 800Xa
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8471 HIGH This Week

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Abb 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8473 HIGH This Week

Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Base System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8472 HIGH This Week

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation Control Builder M Mms Server Opc Server +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-11021 HIGH PATCH This Week

Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Http Client
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-2575 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8476 HIGH This Week

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8475 HIGH This Week

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7804 HIGH This Week

ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Command Injection Groupware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-11884 HIGH PATCH This Week

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails. Rated high severity (CVSS 7.0).

Race Condition RCE Linux Linux Kernel Ubuntu Linux +21
NVD
CVSS 3.1
7.0
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy