Skip to main content
CVE-2020-11057 HIGH POC PATCH This Week

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-12772 HIGH POC This Week

An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Spark
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11060 HIGH POC PATCH THREAT This Week

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Glpi
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
10.9%
CVE-2020-8153 HIGH POC This Week

Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Group Folders Fedora
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2020-8154 HIGH POC This Week

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
7.7
EPSS
1.8%
CVE-2020-12825 HIGH POC This Week

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libcroco
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-1718 HIGH PATCH This Week

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Fuse Keycloak Openshift Application Runtimes
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6262 HIGH This Week

Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP Application Server
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6249 HIGH This Week

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Master Data Governance S4Core Master Data Governance S4Fnd Master Data Governance Sap Bs Fnd
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6243 HIGH This Week

Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Microsoft Adaptive Server Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-6241 HIGH This Week

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Adaptive Server Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-5897 HIGH This Week

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Use After Free Memory Corruption Information Disclosure Big Ip Access Policy Manager +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-11072 HIGH PATCH This Week

In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slp Validate
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2020-11071 HIGH PATCH This Week

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slpjs
NVD GitHub
CVSS 3.1
8.6
EPSS
0.9%
CVE-2020-6252 HIGH This Week

Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Adaptive Server Enterprise Cockpit
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2020-6244 HIGH This Week

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Business Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5896 HIGH This Week

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6247 HIGH This Week

SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-6240 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-1763 HIGH PATCH This Week

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure Libreswan
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-8151 HIGH PATCH This Week

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Active Resource Fedora
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-6253 HIGH This Week

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Adaptive Server Enterprise
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-6248 HIGH This Week

SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Adaptive Server Enterprise Backup Server
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-8156 HIGH This Week

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nextcloud Information Disclosure Mail Fedora
NVD
CVSS 3.1
7.0
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy