Skip to main content
CVE-2020-12832 CRITICAL POC PATCH Act Now

WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Simple File List
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2020-12763 CRITICAL POC Act Now

TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Tv Ip512Wn Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-11073 HIGH POC PATCH This Week

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python RCE Command Injection Autoswitch Python Virtualenv
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-2001 CRITICAL Act Now

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-9502 CRITICAL Act Now

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dahua Information Disclosure Sd6Al Firmware Sd5A Firmware Sd1A Firmware +17
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7454 CRITICAL Act Now

In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-10654 CRITICAL Act Now

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pingid Ssh Integration
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-12831 MEDIUM POC PATCH This Month

An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Free Range Routing
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-2018 CRITICAL Act Now

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2020-2015 HIGH This Week

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-2014 HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-2013 HIGH This Week

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-2006 HIGH This Week

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-1998 HIGH This Week

An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-1714 HIGH PATCH This Week

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Keycloak Decision Manager Jboss Fuse +4
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-5407 HIGH PATCH This Week

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jwt Attack Spring Security
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-12427 HIGH This Week

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Apple Wd Discovery
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-2002 HIGH This Week

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2020-2012 HIGH This Week

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XXE Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-2011 HIGH This Week

An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-3341 HIGH This Week

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-3327 HIGH This Week

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-2010 HIGH This Week

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-2009 HIGH This Week

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-2008 HIGH This Week

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-2007 HIGH This Week

An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-2016 HIGH This Week

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2020-2003 MEDIUM This Month

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2017 MEDIUM This Month

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2005 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-1997 MEDIUM This Month

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Open Redirect Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8020 MEDIUM This Month

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Build Service Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-12742 MEDIUM PATCH This Month

The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Iubenda Cookie Law Solution
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-12699 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Direct Mail
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2004 MEDIUM This Month

Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Paloalto Google Information Disclosure +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9501 MEDIUM This Month

Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dahua Information Disclosure Web P2P
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-7455 MEDIUM This Month

In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-11065 MEDIUM PATCH This Month

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-11064 MEDIUM PATCH This Month

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-1993 MEDIUM This Month

The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Session Fixation Information Disclosure Pan Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-11070 MEDIUM PATCH This Month

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Svg Sanitizer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-1996 MEDIUM This Month

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-12697 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Direct Mail
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-1995 MEDIUM This Month

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-5838 MEDIUM This Month

Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS It Analytics
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-1994 MEDIUM This Month

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-4312 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12700 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Direct Mail
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12698 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Direct Mail
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-11063 LOW PATCH Monitor

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Typo3
NVD GitHub
CVSS 3.1
3.7
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy