Skip to main content
CVE-2020-13768 CRITICAL POC Act Now

In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Minishare
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-10549 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
36.2%
CVE-2020-10548 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
36.1%
CVE-2020-10547 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
36.1%
CVE-2020-10546 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
87.3%
CVE-2020-11679 HIGH POC This Week

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Nextgen Dvr Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-12851 HIGH POC This Week

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cells
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-13822 HIGH POC PATCH This Week

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Canonical Buffer Overflow Integer Overflow Elliptic
NVD GitHub
CVSS 3.1
7.7
EPSS
2.6%
CVE-2020-7661 HIGH POC This Week

all versions of url-regex are vulnerable to Regular Expression Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Url Regex
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-12847 HIGH POC This Week

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-12852 MEDIUM POC This Month

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2020-12853 MEDIUM POC This Month

Pydio Cells 2.0.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-13827 MEDIUM POC This Month

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phplist
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-13835 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-13832 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13831 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-13814 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-13805 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-13804 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-4193 CRITICAL Act Now

IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-9292 CRITICAL Act Now

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Fortisiem Windows Agent
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-11094 CRITICAL PATCH Act Now

The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debugbar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-7030 MEDIUM POC This Month

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Information Disclosure Ip Office
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-13833 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2020-11681 HIGH This Week

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nextgen Dvr Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-13813 HIGH This Week

An issue was discovered in Foxit Studio Photo before 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-13812 HIGH This Week

An issue was discovered in Foxit Studio Photo before 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-13811 HIGH This Week

An issue was discovered in Foxit Studio Photo before 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-13692 HIGH PATCH This Week

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PostgreSQL XXE Postgresql Jdbc Driver Quarkus Steelstore Cloud Integrated Storage +2
NVD GitHub
CVSS 3.1
7.7
EPSS
4.1%
CVE-2020-4509 HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2020-13849 HIGH This Week

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mqtt
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-13848 HIGH PATCH This Week

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libupnp Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-13836 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Path Traversal Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-13834 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-13830 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-13829 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-13815 HIGH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13810 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-13809 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13808 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13807 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13806 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13803 HIGH PATCH This Week

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-13818 HIGH This Week

In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Opmanager
NVD
CVSS 3.1
7.5
EPSS
37.0%
CVE-2020-13817 HIGH PATCH This Week

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Ntp Cloud Backup Clustered Data Ontap Data Ontap +21
NVD
CVSS 3.1
7.4
EPSS
4.1%
CVE-2020-13777 HIGH This Week

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gnutls Fedora Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.4
EPSS
17.5%
CVE-2020-11682 MEDIUM This Month

Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nextgen Dvr Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-11680 MEDIUM This Month

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextgen Dvr Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-4183 MEDIUM This Month

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13800 MEDIUM This Month

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
6.0
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy