Skip to main content
CVE-2020-14011 CRITICAL POC THREAT Act Now

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lansweeper
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.5%
CVE-2020-5754 CRITICAL POC Act Now

Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Endpoint Agents
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-5742 HIGH POC This Week

Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Media Server
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-14076 HIGH POC This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-5755 HIGH POC This Week

Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Endpoint Agents
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-14149 HIGH POC PATCH This Week

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Uftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-14153 HIGH POC This Week

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libjpeg
NVD GitHub
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-12019 CRITICAL Act Now

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-12001 CRITICAL Act Now

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Factorytalk Linx Rslinx Classic
NVD
CVSS 3.1
9.8
EPSS
11.5%
CVE-2020-11969 CRITICAL PATCH Act Now

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomee
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-14034 CRITICAL PATCH Act Now

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Janus
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-14033 CRITICAL PATCH Act Now

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Janus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-14054 CRITICAL Act Now

SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gnr5 Vanguard Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-4469 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
13.4%
CVE-2020-4216 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-0595 CRITICAL Act Now

Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Use After Free Intel +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-0594 CRITICAL Act Now

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-14080 CRITICAL Act Now

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-14067 CRITICAL PATCH Act Now

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Navigatecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-14146 MEDIUM POC This Month

KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kumbiaphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14159 HIGH This Week

By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Automate Api
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-14156 HIGH PATCH This Week

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Openbmc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14081 HIGH This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-14079 HIGH This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-14078 HIGH This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14077 HIGH This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14075 HIGH This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-14074 HIGH This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-11999 HIGH This Week

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Factorytalk Linx Rslinx Classic
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2020-4470 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2020-5358 HIGH This Week

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-13651 HIGH This Week

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Digdash
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-3961 HIGH This Week

VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft VMware Horizon Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-13150 HIGH This Week

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2750U Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0586 HIGH This Week

Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Server Platform Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0542 HIGH This Week

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Information Disclosure Converged Security Management Engine Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0529 HIGH This Week

Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Core I5 7600K Firmware Core I5 7600T Firmware Core I5 7600 Firmware +75
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0528 HIGH This Week

Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Core I5 7600K Firmware Core I5 7600T Firmware +76
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-14147 HIGH PATCH This Week

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Redis Integer Overflow Communications Operations Monitor +2
NVD GitHub
CVSS 3.1
7.7
EPSS
3.1%
CVE-2020-14163 HIGH PATCH This Week

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-12005 HIGH This Week

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Factorytalk Linx Rslinx Classic
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12003 HIGH This Week

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Factorytalk Linx Rslinx Classic
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-13650 HIGH This Week

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Digdash
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-14148 HIGH PATCH This Week

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ngircd Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-4494 HIGH This Week

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Microsoft Authentication Bypass Spectrum Protect Client Spectrum Protect For Space Management
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-0597 HIGH This Week

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Intel Information Disclosure Software Manager +1
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-0596 HIGH This Week

Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Active Management Technology Firmware Service Manager
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-0540 HIGH This Week

Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Active Management Technology Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-0538 HIGH This Week

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Active Management Technology Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-0536 HIGH This Week

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy