Skip to main content
CVE-2020-8816 HIGH POC KEV PATCH THREAT Act Now

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Pi Hole
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
78.2%
CVE-2020-13634 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Windows Master
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1832 HIGH This Week

E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption E6878 370 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-12675 HIGH This Week

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE PHP Google +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-7654 HIGH PATCH This Week

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Broker
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-6937 HIGH This Week

A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mule Runtime
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-1870 HIGH This Week

There is a denial of service vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Cloudengine 12800 Firmware Cloudengine 6800 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-3957 HIGH This Week

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion Horizon Client Remote Console
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-4352 HIGH This Week

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation IBM Mq For Hpe Nonstop
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy