Skip to main content
CVE-2020-9474 HIGH POC This Week

The S. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sg 150 0 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6081 HIGH POC This Week

An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Runtime
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-12608 HIGH POC THREAT This Week

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Managed Service Provider Patch Management Engine
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
22.4%
CVE-2020-12116 HIGH POC THREAT This Week

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Opmanager
NVD
CVSS 3.1
7.5
EPSS
97.4%
CVE-2020-10973 HIGH POC This Week

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wn530Hg4 Firmware Wn531G3 Firmware Wn533A8 Firmware Wn551K1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
7.8%
CVE-2020-8982 HIGH POC THREAT This Week

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
27.1%
CVE-2020-5745 HIGH POC This Week

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tcexam
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2020-10795 HIGH POC This Week

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Tks Ip Gateway Firmware
NVD
CVSS 3.1
7.2
EPSS
3.8%
CVE-2020-9475 HIGH POC This Week

The S. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sg 150 0 Firmware
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-7803 HIGH This Week

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Zoneplayer
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10971 HIGH This Week

An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wl Wn575A3 Firmware Wl Wn530Hg4 Firmware Wl Wn579G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-12691 HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-12690 HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-12689 HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Keystone Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-11050 HIGH PATCH This Week

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Websocket
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-5894 HIGH This Week

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Nginx Nginx Controller
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-10916 HIGH This Week

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Tl Wa855Re Firmware
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2020-6652 HIGH This Week

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5895 HIGH This Week

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10974 HIGH This Week

An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wl Wn575A3 Firmware Wl Wn579G3 Firmware Wn531A6 Firmware Wn535G3 Firmware +9
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10972 HIGH This Week

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wn530Hg4 Firmware Wn531G3 Firmware Wn572Hg3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8983 HIGH This Week

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-7473 HIGH This Week

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
14.3%
CVE-2020-6651 HIGH This Week

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Intelligent Power Manager
NVD
CVSS 3.1
7.3
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy