Skip to main content
CVE-2020-8149 CRITICAL POC PATCH Act Now

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Code Injection Logkitty
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-13092 CRITICAL POC PATCH Act Now

scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Scikit Learn
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13091 CRITICAL POC PATCH Act Now

pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization pandas
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-12651 CRITICAL POC Act Now

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Securecrt
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-12834 CRITICAL POC THREAT Act Now

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Homematic Ccu2 Firmware Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2020-12798 HIGH POC This Week

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Universal Forensic Extraction Device Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-11524 MEDIUM POC PATCH This Month

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.6
EPSS
1.8%
CVE-2020-11523 MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.6
EPSS
2.0%
CVE-2020-11521 MEDIUM POC PATCH This Month

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Leap +1
NVD GitHub
CVSS 3.1
6.6
EPSS
1.9%
CVE-2020-11522 MEDIUM POC PATCH This Month

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-12889 CRITICAL PATCH Act Now

MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp Maltego
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-12872 MEDIUM POC This Month

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yaws
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-3810 MEDIUM POC PATCH This Month

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apt Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-12882 MEDIUM POC This Month

Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Submitty
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-8100 HIGH This Week

Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Engines
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-1808 HIGH This Week

Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Honor View 20 Firmware Honor 20 Firmware +2
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-11526 LOW POC PATCH Monitor

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Leap +1
NVD GitHub
CVSS 3.1
2.2
EPSS
2.0%
CVE-2020-11525 LOW POC PATCH Monitor

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
2.2
EPSS
1.7%
CVE-2020-12685 MEDIUM PATCH This Month

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Interchange
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7809 MEDIUM This Month

ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Alsong
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-1758 MEDIUM PATCH This Month

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Keycloak Openstack
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-13093 MEDIUM This Month

iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Agent Dvr
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-12888 MEDIUM This Month

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. Rated medium severity (CVSS 5.3). No vendor patch available.

Linux Information Disclosure Linux Kernel Fedora Leap +22
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-10744 MEDIUM PATCH This Month

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Ansible Ansible Tower
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2020-11931 LOW Monitor

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Authentication Bypass Pulseaudio Ubuntu Linux
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-9073 LOW Monitor

Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass P20 Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy