Skip to main content
CVE-2020-12720 CRITICAL POC THREAT Emergency

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vbulletin
NVD GitHub
CVSS 3.1
9.8
EPSS
88.9%
CVE-2020-5741 HIGH POC KEV THREAT Act Now

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Microsoft Deserialization Media Server
NVD
CVSS 3.1
7.2
EPSS
72.8%
CVE-2020-11532 CRITICAL POC PATCH THREAT Act Now

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho Authentication Bypass Manageengine Adaudit Plus Manageengine Datasecurity Plus
NVD
CVSS 3.1
9.8
EPSS
77.5%
CVE-2020-11530 CRITICAL POC THREAT Act Now

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Chop Slider
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
95.7%
CVE-2020-12735 CRITICAL POC Act Now

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Domainmod
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12740 CRITICAL POC Act Now

tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%
CVE-2020-11531 HIGH POC THREAT This Week

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Adaudit Plus Manageengine Datasecurity Plus
NVD
CVSS 3.1
8.8
EPSS
13.7%
CVE-2020-6616 MEDIUM POC This Month

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Broadcom Android Ipados +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12737 MEDIUM POC This Month

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Path Traversal Rumpus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-12022 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Webaccess
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12006 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-12002 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2020-10638 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2020-12718 MEDIUM POC This Month

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-12026 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-7267 HIGH This Week

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Virusscan Enterprise
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-7266 HIGH This Week

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Virusscan Enterprise
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-7265 HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-7264 HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2018-20225 HIGH This Week

An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pip
NVD VulDB
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-7291 HIGH This Week

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Active Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7290 HIGH This Week

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Active Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7289 HIGH This Week

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Active Response
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7288 HIGH This Week

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Detection And Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7287 HIGH This Week

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Detection And Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7286 HIGH This Week

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Detection And Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7285 HIGH This Week

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mvision Endpoint
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-12018 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Webaccess
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-12014 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-12719 HIGH This Week

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +3
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-12010 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-10690 MEDIUM PATCH This Month

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. Rated medium severity (CVSS 6.4). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Linux Kernel Enterprise Linux +20
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-11541 MEDIUM This Month

In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Snagit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12680 MEDIUM This Month

Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Free Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11006 MEDIUM PATCH This Month

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shopizer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy