Skip to main content
CVE-2020-7012 HIGH POC THREAT Act Now

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic RCE Code Injection Kibana
NVD
CVSS 3.1
8.8
EPSS
18.2%
CVE-2020-13756 CRITICAL POC PATCH THREAT Act Now

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection PHP Php Css Parser
NVD GitHub
CVSS 3.1
9.8
EPSS
55.1%
CVE-2020-7115 CRITICAL POC THREAT Act Now

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
64.6%
CVE-2020-6419 HIGH POC This Week

Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-13786 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 865L Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-13782 HIGH POC THREAT This Week

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 865L Firmware
NVD
CVSS 3.1
8.8
EPSS
27.1%
CVE-2020-13379 HIGH POC PATCH THREAT This Week

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana SSRF Fedora E Series Performance Analyzer Leap +1
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
99.9%
CVE-2020-13790 HIGH POC PATCH This Week

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libjpeg Turbo Mozjpeg
NVD GitHub
CVSS 3.1
8.1
EPSS
3.2%
CVE-2020-13787 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-13785 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-13784 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13783 HIGH POC This Week

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 865L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-6503 MEDIUM POC This Month

Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-3258 CRITICAL PATCH Act Now

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Apple iOS
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-3227 CRITICAL Act Now

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-3198 CRITICAL PATCH Act Now

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Apple iOS
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-4177 CRITICAL PATCH Act Now

IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-10516 CRITICAL Act Now

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Github
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-6493 CRITICAL Act Now

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
9.6
EPSS
1.7%
CVE-2020-1963 CRITICAL PATCH Act Now

Apache Ignite uses H2 database to build SQL distributed execution engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ignite
NVD
CVSS 3.1
9.1
EPSS
5.0%
CVE-2020-5296 MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure October
NVD GitHub
CVSS 3.1
4.9
EPSS
1.4%
CVE-2020-5295 MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure LFI PHP October
NVD GitHub Exploit-DB
CVSS 3.1
4.9
EPSS
7.4%
CVE-2020-6496 HIGH This Week

Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple Google Use After Free +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6453 HIGH This Week

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-5298 MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-7014 HIGH PATCH This Week

The fix for CVE-2020-7009 was found to be incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Elasticsearch
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-3281 HIGH PATCH This Week

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Information Disclosure Digital Network Architecture Center
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-3234 HIGH PATCH This Week

A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Cisco Authentication Bypass Apple iOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-3229 HIGH PATCH This Week

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2020-3224 HIGH PATCH This Week

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Denial Of Service Command Injection Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3219 HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-3217 HIGH PATCH This Week

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Cisco RCE Denial Of Service Apple iOS +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-3205 HIGH PATCH This Week

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Apple iOS
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-3199 HIGH This Week

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Denial Of Service Apple iOS
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-4180 HIGH PATCH This Week

IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-2200 HIGH This Week

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Play Framework
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-3228 HIGH PATCH This Week

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Microsoft Apple iOS +2
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-3226 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-3225 HIGH PATCH This Week

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2020-3221 HIGH PATCH This Week

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-3203 HIGH PATCH This Week

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2020-6504 MEDIUM POC This Month

Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-13792 MEDIUM POC This Month

PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Playtube
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-3257 HIGH PATCH This Week

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000). Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Cisco RCE Denial Of Service Apple iOS
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-3238 HIGH This Week

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iox
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-12846 HIGH This Week

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Zimbra Collaboration Suite
NVD
CVSS 3.1
8.0
EPSS
2.6%
CVE-2020-2196 HIGH This Week

Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Selenium
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-3235 HIGH PATCH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Apple iOS Ios Xe +1
NVD
CVSS 3.1
7.7
EPSS
1.6%
CVE-2020-3232 HIGH PATCH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2020-3200 HIGH PATCH This Week

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
7.7
EPSS
1.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy