Skip to main content
CVE-2020-13640 CRITICAL POC PATCH THREAT Act Now

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress SQLi Wpdiscuz
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2020-14421 HIGH POC This Week

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aapanel
NVD GitHub
CVSS 3.1
7.2
EPSS
6.0%
CVE-2020-14446 MEDIUM POC This Month

An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Identity Server Identity Server As Key Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-11503 CRITICAL Act Now

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos Memory Corruption Sfos
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-3361 CRITICAL Act Now

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Webex Meetings Server
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-14445 MEDIUM POC This Month

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Identity Server Identity Server As Key Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14444 MEDIUM POC This Month

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Identity Server Identity Server As Key Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-12886 CRITICAL Act Now

A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mbed Os
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-12884 CRITICAL Act Now

A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mbed Os
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-12883 CRITICAL Act Now

Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mbed Os
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2020-14443 HIGH PATCH This Week

A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Dolibarr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-14442 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14441 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14440 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-14439 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-14438 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14437 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14436 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-14435 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Srk60 Firmware Srs60 Firmware Srr60 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-14432 HIGH This Week

Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear CSRF Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-14431 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-14430 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14429 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Mk62 Firmware Mk63 Firmware Mr60 Firmware +13
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-14428 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-14427 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14426 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-3342 HIGH This Week

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Webex Meetings
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-9225 HIGH This Week

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fusionsphere Openstack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-12887 HIGH PATCH This Week

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Mbed Coap
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-12885 HIGH This Week

An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mbed Os
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-3263 HIGH This Week

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco RCE Webex Meetings
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-4059 HIGH PATCH This Week

In mversion before 2.0.0, there is a command injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js RCE Command Injection Mversion
NVD GitHub
CVSS 3.1
7.3
EPSS
2.6%
CVE-2020-3336 HIGH This Week

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Command Injection Roomos Telepresence Collaboration Endpoint
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-3296 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3295 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3294 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3293 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3292 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3291 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3290 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3289 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3288 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3287 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3286 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3279 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3278 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3277 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3276 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3275 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3274 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy