Skip to main content
CVE-2020-13901 CRITICAL POC PATCH Act Now

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Janus
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-7675 CRITICAL POC Act Now

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cd Messenger
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7674 CRITICAL POC Act Now

access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Access Policy
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7673 CRITICAL POC Act Now

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Node Extend
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-13445 HIGH POC PATCH This Week

In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Liferay Portal
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-7672 HIGH POC This Week

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mosc
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-13900 HIGH POC PATCH This Week

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-13899 HIGH POC PATCH This Week

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13898 HIGH POC PATCH This Week

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-14010 MEDIUM POC This Month

The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Xenon
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-4043 CRITICAL PATCH Act Now

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Phpmussel
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-12757 CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-0117 CRITICAL PATCH Act Now

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-6275 CRITICAL Act Now

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-6263 CRITICAL Act Now

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-14012 MEDIUM POC This Month

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-11798 MEDIUM POC THREAT This Month

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Micollab Audio Web Video Conferencing
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
45.2%
CVE-2020-7589 CRITICAL Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Logo 8 Bm Firmware
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2020-13905 HIGH This Week

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irfanview
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-2026 HIGH PATCH This Week

A malicious guest compromised before a container creation (e.g. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Runtime Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13270 HIGH This Week

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6271 HIGH This Week

SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Solution Manager
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2020-6268 HIGH This Week

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp Ea Finserv Erp S4Core
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-13906 HIGH This Week

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-0118 HIGH PATCH This Week

In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0115 HIGH PATCH This Week

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0114 HIGH PATCH This Week

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7586 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Simatic Pcs 7 Simatic Process Device Manager Simatic Step 7 +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7585 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Process Device Manager Simatic Step 7 Sinamics Starter
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7280 HIGH This Week

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Virusscan Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7279 HIGH This Week

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Host Intrusion Prevention
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-13238 HIGH This Week

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Iq R00Cpu Firmware Melsec Iq R01Cpu Firmware Melsec Iq R02Cpu Firmware Melsec Iq R04Cpu Firmware +17
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-11622 HIGH This Week

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudeos Veos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-10705 HIGH PATCH This Week

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Undertow Oncommand Insight Jboss Enterprise Application Platform Openshift Application Runtimes
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13223 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7671 HIGH This Week

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Goliath
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7670 HIGH This Week

agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Agoo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-6264 HIGH This Week

SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-4436 HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-4435 HIGH This Week

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption Aspera Application Platform On Demand +9
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4434 HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-4433 HIGH This Week

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-4432 HIGH This Week

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Aspera Application Platform On Demand Aspera Faspex On Demand Aspera High Speed Transfer Endpoint +7
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-2029 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-2028 HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-2027 HIGH This Week

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-2032 HIGH This Week

A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Paloalto Microsoft Information Disclosure Globalprotect
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-5363 MEDIUM This Month

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Latitude 5300 Firmware Latitude 5300 2 In 1 Firmware Latitude 5400 Firmware +15
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-7580 MEDIUM This Month

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Simatic Automatic Tool Simatic Net Pc Simatic Pcs 7 Simatic Pcs Neo +13
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-13444 MEDIUM PATCH This Month

Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Liferay Portal
NVD
CVSS 3.1
6.5
EPSS
1.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy