Skip to main content
CVE-2020-13656 CRITICAL POC Act Now

In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hobbes
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-14004 HIGH POC PATCH This Week

An issue was discovered in Icinga2 before v2.12.0-rc1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Icinga Backports Sle Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-9633 CRITICAL Act Now

Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Adobe Memory Corruption RCE +4
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2020-3928 CRITICAL Act Now

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Geovision Gv As210 Firmware Geovision Gv As410 Firmware Geovision Gv As810 Firmware Geovision Gv As1010 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-9636 HIGH PATCH This Week

Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-9635 HIGH PATCH This Week

Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-9634 HIGH PATCH This Week

Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Framemaker
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-10752 HIGH PATCH This Week

A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Openshift Container Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-9645 HIGH PATCH This Week

Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe SSRF Information Disclosure Experience Manager
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-9643 HIGH PATCH This Week

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe SSRF Information Disclosure Experience Manager
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-14048 HIGH This Week

Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2020-4047 MEDIUM PATCH This Month

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
3.5%
CVE-2020-11980 MEDIUM PATCH This Month

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation SSRF Karaf
NVD
CVSS 3.1
6.3
EPSS
1.9%
CVE-2020-11839 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-9651 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-9648 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-9647 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-3929 MEDIUM This Month

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Geovision Gv As210 Firmware Geovision Gv As410 Firmware Geovision Gv As810 Firmware Geovision Gv As1010 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-4048 MEDIUM PATCH This Month

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

WordPress Open Redirect Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.7
EPSS
2.2%
CVE-2020-4046 MEDIUM This Month

In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
2.4%
CVE-2020-9644 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2020-4251 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10732 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of Userspace core dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Linux Linux Kernel Leap Ubuntu Linux +16
NVD GitHub
CVSS 3.1
4.4
EPSS
0.6%
CVE-2020-3930 LOW Monitor

GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gv Gf192X Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-4050 LOW PATCH Monitor

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

WordPress Information Disclosure Fedora Debian Linux
NVD GitHub
CVSS 3.1
3.1
EPSS
1.7%
CVE-2020-4049 LOW PATCH Monitor

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Fedora Debian Linux
NVD GitHub
CVSS 3.1
2.4
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy