Skip to main content
CVE-2020-6110 HIGH POC This Week

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Zoom
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-13885 HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix Workspace App
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13884 HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix Workspace App
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13866 HIGH POC This Week

WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wingate
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-13960 HIGH POC This Week

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dsl 2730U Firmware Dir 600M Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13432 HIGH POC PATCH THREAT This Week

rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Http File Server
NVD GitHub
CVSS 3.1
7.5
EPSS
30.9%
CVE-2020-13625 HIGH POC PATCH This Week

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Phpmailer Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-8172 HIGH POC PATCH This Week

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Node Js Banking Extensibility Workbench Blockchain Platform Graalvm +1
NVD
CVSS 3.1
7.4
EPSS
6.1%
CVE-2020-9042 HIGH This Week

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Couchbase Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-12773 HIGH This Week

A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Adsl Router Soc Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-13428 HIGH PATCH This Week

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-5304 HIGH This Week

The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Whitesource
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-12695 HIGH This Week

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Unifi Controller Hostapd Rt N11 Adsl +213
NVD GitHub
CVSS 3.1
7.5
EPSS
15.2%
CVE-2020-9041 HIGH This Week

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server Sync Gateway
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9040 HIGH This Week

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Couchbase Server Java Sdk
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4038 HIGH PATCH This Week

GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Graphql Playground Html Graphql Playground Middleware Express Graphql Playground Middleware Hapi +2
NVD GitHub
CVSS 3.1
7.4
EPSS
7.2%
CVE-2020-4529 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Maximo Asset Management
NVD
CVSS 3.1
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy