Skip to main content
CVE-2020-13643 HIGH POC This Week

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Page Builder
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-13642 HIGH POC This Week

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Page Builder
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-13641 HIGH POC This Week

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Real Time Find And Replace
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-13645 MEDIUM POC This Month

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Balsa Glib Networking Ubuntu Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-13245 MEDIUM POC This Month

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Information Disclosure R6120 Firmware R6220 Firmware R6350 Firmware +11
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-11079 CRITICAL PATCH Act Now

node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Node.js RCE Code Injection Node Dns Sync
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-7812 CRITICAL Act Now

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ezhttptrans
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13644 MEDIUM POC This Month

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Accordion
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-13660 MEDIUM POC This Month

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-11950 HIGH This Week

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cc9381 Hv Firmware Fd9360 H Firmware Fd9368 Htv Firmware Fd9380 H Firmware +196
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-13173 HIGH This Week

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Information Disclosure Pcoip Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-8330 HIGH This Week

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service Lj4010Dn Firmware Lj6700Dn Firmware M8960Dnf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8329 HIGH This Week

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service Lj4010Dn Firmware Lj6700Dn Firmware M8960Dnf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-4245 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4232 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-13649 HIGH PATCH This Week

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-4246 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-4249 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4231 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-11949 MEDIUM This Month

testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cc9381 Hv Firmware Fd9360 H Firmware Fd9368 Htv Firmware Fd9380 H Firmware +190
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-11082 MEDIUM PATCH This Month

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Kaminari Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-5357 MEDIUM This Month

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. Rated medium severity (CVSS 6.0). No vendor patch available.

Dell Information Disclosure Dock Wd15 Firmware Dock Wd19 Firmware Thunderbolt Dock Tb16 Firmware +1
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-4419 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4244 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4233 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-13361 LOW PATCH Monitor

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an. Rated low severity (CVSS 3.9). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Debian Linux Leap +1
NVD
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-13362 LOW PATCH Monitor

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu Debian Linux Leap +1
NVD
CVSS 3.1
3.2
EPSS
0.4%
CVE-2020-4248 LOW Monitor

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
2.7
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy