Skip to main content
CVE-2020-4429 CRITICAL POC PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

RCE IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
71.4%
CVE-2020-4427 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
70.0%
CVE-2020-4428 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Data Risk Manager
NVD
CVSS 3.1
9.1
EPSS
61.7%
CVE-2020-10794 CRITICAL POC Act Now

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tks Ip Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10176 CRITICAL POC Act Now

ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Yale Wipc 301W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-7646 CRITICAL POC Act Now

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Curlrequest
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-9474 HIGH POC This Week

The S. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sg 150 0 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6081 HIGH POC This Week

An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Runtime
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-12608 HIGH POC THREAT This Week

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Managed Service Provider Patch Management Engine
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
22.4%
CVE-2020-12116 HIGH POC THREAT This Week

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Opmanager
NVD
CVSS 3.1
7.5
EPSS
97.4%
CVE-2020-10973 HIGH POC This Week

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wn530Hg4 Firmware Wn531G3 Firmware Wn533A8 Firmware Wn551K1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
7.8%
CVE-2020-8982 HIGH POC THREAT This Week

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
27.1%
CVE-2020-5745 HIGH POC This Week

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tcexam
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2020-10795 HIGH POC This Week

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Tks Ip Gateway Firmware
NVD
CVSS 3.1
7.2
EPSS
3.8%
CVE-2020-9475 HIGH POC This Week

The S. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sg 150 0 Firmware
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-12708 MEDIUM POC This Month

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-12707 MEDIUM POC PATCH This Month

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Lepton Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-12704 MEDIUM POC This Month

UliCMS before 2020.2 has PageController stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ulicms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5750 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5748 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-11047 MEDIUM POC PATCH This Month

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-11042 MEDIUM POC PATCH This Month

In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2020-11052 CRITICAL PATCH Act Now

In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sorcery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7805 CRITICAL Act Now

An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iml500 Firmware Iml520 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-12706 MEDIUM POC PATCH This Month

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2020-5751 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5749 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5747 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5746 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11431 CRITICAL PATCH Act Now

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Clear Reports Helpdesk Pdfc
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2020-5744 MEDIUM POC This Month

Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tcexam
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2020-7803 HIGH This Week

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Zoneplayer
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10971 HIGH This Week

An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wl Wn575A3 Firmware Wl Wn530Hg4 Firmware Wl Wn579G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-12691 HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-12690 HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-12689 HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Keystone Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-5743 MEDIUM POC This Month

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tcexam
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-11050 HIGH PATCH This Week

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Websocket
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-5894 HIGH This Week

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Nginx Nginx Controller
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-10916 HIGH This Week

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Tl Wa855Re Firmware
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2020-6652 HIGH This Week

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5895 HIGH This Week

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10974 HIGH This Week

An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wl Wn575A3 Firmware Wl Wn579G3 Firmware Wn531A6 Firmware Wn535G3 Firmware +9
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10972 HIGH This Week

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wn530Hg4 Firmware Wn531G3 Firmware Wn572Hg3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8983 HIGH This Week

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-7473 HIGH This Week

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
14.3%
CVE-2020-11045 LOW POC PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
1.7%
CVE-2020-6651 HIGH This Week

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Intelligent Power Manager
NVD
CVSS 3.1
7.3
EPSS
2.1%
CVE-2020-12687 MEDIUM PATCH This Month

An issue was discovered in Serpico before 1.3.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Serpico
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-11056 MEDIUM PATCH This Month

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Sprout Forms
NVD GitHub
CVSS 3.1
6.3
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy