Skip to main content
CVE-2020-12109 HIGH POC THREAT Act Now

Certain TP-Link devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection TP-Link Nc200 Firmware Nc210 Firmware Nc220 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
74.3%
CVE-2020-12111 HIGH POC This Week

Certain TP-Link devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection TP-Link Nc260 Firmware Nc450 Firmware
NVD
CVSS 3.1
8.8
EPSS
8.0%
CVE-2020-11671 HIGH POC This Week

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Teampass
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-10876 HIGH POC This Week

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oklok
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5335 HIGH This Week

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Archer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11443 HIGH This Week

The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure It Installer
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-5343 HIGH PATCH This Week

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Dell Os Recovery Image For Microsoft Windows 10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10622 HIGH This Week

LCDS LAquis SCADA Versions 4.3.1 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Laquis Scada
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-8018 HIGH This Week

A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Enterprise Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12642 HIGH PATCH This Week

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Service Api
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11462 HIGH This Week

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvpn Access Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-10187 HIGH PATCH This Week

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Doorkeeper
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11842 HIGH This Week

Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Verastream Host Integrator
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5332 HIGH This Week

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Archer
NVD
CVSS 3.1
7.2
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy