Skip to main content
CVE-2020-5741 HIGH POC KEV THREAT Act Now

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Microsoft Deserialization Media Server
NVD
CVSS 3.1
7.2
EPSS
72.8%
CVE-2020-11531 HIGH POC THREAT This Week

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Adaudit Plus Manageengine Datasecurity Plus
NVD
CVSS 3.1
8.8
EPSS
13.7%
CVE-2020-12026 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-7267 HIGH This Week

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Virusscan Enterprise
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-7266 HIGH This Week

Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Virusscan Enterprise
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-7265 HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2020-7264 HIGH This Week

Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2018-20225 HIGH This Week

An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pip
NVD VulDB
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-7291 HIGH This Week

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Active Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7290 HIGH This Week

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Active Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7289 HIGH This Week

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Active Response
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7288 HIGH This Week

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Detection And Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7287 HIGH This Week

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Detection And Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7286 HIGH This Week

Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Detection And Response
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7285 HIGH This Week

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mvision Endpoint
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-12018 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Webaccess
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-12014 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-12719 HIGH This Week

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +3
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-12010 HIGH This Week

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.1
7.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy