Skip to main content
CVE-2020-11975 CRITICAL POC PATCH THREAT Act Now

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java Information Disclosure Unomi
NVD
CVSS 3.1
9.8
EPSS
29.9%
CVE-2020-13646 HIGH POC This Week

In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cheetah Free Wifi
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10071 CRITICAL PATCH Act Now

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-10070 CRITICAL PATCH Act Now

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-10062 CRITICAL PATCH Act Now

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-4450 CRITICAL PATCH Act Now

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Websphere Application Server
NVD
CVSS 3.1
9.8
EPSS
33.9%
CVE-2020-4448 CRITICAL PATCH Act Now

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Websphere Application Server Websphere Virtual Enterprise
NVD
CVSS 3.1
9.8
EPSS
12.2%
CVE-2020-13841 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13840 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13839 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-13865 MEDIUM POC This Month

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Elementor Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-13864 MEDIUM POC This Month

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Elementor Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12849 MEDIUM POC This Month

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12848 MEDIUM POC This Month

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cells
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-10061 HIGH PATCH This Week

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-10878 HIGH PATCH This Week

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl Fedora Leap +14
NVD GitHub
CVSS 3.1
8.6
EPSS
4.9%
CVE-2020-10543 HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl Fedora Leap +12
NVD GitHub
CVSS 3.1
8.2
EPSS
11.3%
CVE-2020-9859 HIGH KEV THREAT This Week

A memory consumption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-11492 HIGH This Week

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Docker Information Disclosure Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-13842 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-5591 HIGH This Week

XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xack Dns
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10063 HIGH PATCH This Week

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-4449 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Deserialization Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-12723 HIGH PATCH This Week

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Perl Oncommand Workflow Automation Snap Creator Framework Fedora +12
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2020-4229 HIGH PATCH This Week

IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Session Fixation Authentication Bypass Mobile Foundation
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2020-8103 HIGH This Week

A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Antivirus 2020
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-13868 MEDIUM PATCH This Month

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comments
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-10068 MEDIUM PATCH This Month

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-8555 MEDIUM PATCH This Month

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes SSRF Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
3.7%
CVE-2020-11696 MEDIUM This Month

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11697 MEDIUM This Month

In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13867 MEDIUM This Month

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Targetcli Fb Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13843 MEDIUM This Month

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-13870 MEDIUM PATCH This Month

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Comments
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13869 MEDIUM PATCH This Month

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Comments
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-9074 MEDIUM This Month

Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor 20 Pro Firmware Honor View 20 Firmware Honor 20 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-1883 MEDIUM This Month

Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy