Skip to main content
CVE-2020-12479 HIGH POC This Week

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Teampass
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-11943 HIGH POC THREAT This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Audit
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-12461 HIGH POC PATCH This Week

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11677 HIGH POC This Week

Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11676 HIGH POC This Week

Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11675 HIGH POC This Week

Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11674 HIGH POC This Week

Cerner medico 26.00 allows variable reuse, possibly causing data corruption. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Medico
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-12246 HIGH POC This Week

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart Box Firmware
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-12468 HIGH POC This Week

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Subrion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-12478 HIGH POC This Week

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
7.5
EPSS
8.6%
CVE-2020-12477 HIGH POC This Week

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12447 HIGH POC THREAT This Week

A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tx Nr585 Firmware
NVD
CVSS 3.1
7.5
EPSS
14.1%
CVE-2020-12470 HIGH POC This Week

MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Information Disclosure Monox
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-12473 HIGH POC This Week

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monox
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-8775 HIGH This Week

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
8.9
EPSS
0.8%
CVE-2020-8773 HIGH This Week

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
8.9
EPSS
0.8%
CVE-2020-8774 HIGH This Week

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-11024 HIGH PATCH This Week

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable.

Information Disclosure Apple Moonlight
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2020-12446 HIGH This Week

The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trident Z Lighting Control
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11446 HIGH This Week

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Eset Privilege Escalation Antivirus And Antispyware Endpoint Antivirus Endpoint Security +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8489 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Information Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8488 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Batch Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8487 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Base System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8486 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Rnrp
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8485 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation Microsoft 800Xa
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8484 HIGH This Week

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation Microsoft 800Xa
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8471 HIGH This Week

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Abb 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8473 HIGH This Week

Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation 800Xa Base System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8472 HIGH This Week

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation Control Builder M Mms Server Opc Server +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-11021 HIGH PATCH This Week

Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Http Client
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-2575 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8476 HIGH This Week

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8475 HIGH This Week

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7804 HIGH This Week

ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Command Injection Groupware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-11884 HIGH PATCH This Week

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails. Rated high severity (CVSS 7.0).

Race Condition RCE Linux Linux Kernel Ubuntu Linux +21
NVD
CVSS 3.1
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy