Skip to main content
CVE-2020-14968 CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign Max Data
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-14967 CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign Max Data
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-14944 CRITICAL POC Act Now

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-14983 CRITICAL POC Act Now

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Chocolate Doom Crispy Doom Backports Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-14972 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Pisay Online E Learning System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.4%
CVE-2020-13159 CRITICAL POC Act Now

Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Artica Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
9.3%
CVE-2020-8933 CRITICAL POC PATCH Act Now

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. Public exploit code available.

Google Privilege Escalation Guest Oslogin Leap
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2020-8907 CRITICAL POC PATCH Act Now

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. Public exploit code available.

Google Privilege Escalation Docker Guest Oslogin Leap
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2020-14945 HIGH POC THREAT This Week

A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
11.4%
CVE-2020-14203 HIGH POC This Week

WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Webfocus Business Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14461 HIGH POC This Week

Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Path Traversal Wap6806 Firmware
NVD Exploit-DB
CVSS 3.1
8.6
EPSS
9.5%
CVE-2020-14966 HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack Canonical Jsrsasign +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14049 HIGH POC This Week

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Viber
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-13158 HIGH POC THREAT This Week

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Artica Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
53.5%
CVE-2020-8903 HIGH POC PATCH This Week

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated high severity (CVSS 7.3). Public exploit code available.

Google Privilege Escalation Guest Oslogin Leap
NVD GitHub
CVSS 4.0
7.3
EPSS
0.3%
CVE-2020-14960 HIGH POC PATCH This Week

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-14990 HIGH POC This Week

IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-13426 MEDIUM POC This Month

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Multi Scheduler
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14973 MEDIUM POC This Month

The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-13427 MEDIUM POC PATCH This Month

Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Victorcms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14202 MEDIUM POC This Month

WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webfocus Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12053 CRITICAL Act Now

In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Stealth
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-11989 CRITICAL PATCH Act Now

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass Shiro
NVD
CVSS 3.1
9.8
EPSS
24.4%
CVE-2020-4068 CRITICAL PATCH Act Now

In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apnswift
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-3663 CRITICAL Act Now

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +42
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3662 CRITICAL Act Now

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +30
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3661 CRITICAL Act Now

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3660 CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +34
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3628 CRITICAL Act Now

Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8053 Firmware Rennell Firmware Sdx20 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-3614 CRITICAL Act Now

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-14943 MEDIUM POC This Month

The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.7%
CVE-2020-13480 MEDIUM POC This Month

Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Workforce Optimization
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-14962 MEDIUM POC This Month

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Image Photo Gallery Final Tiles Grid
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-14959 MEDIUM POC This Month

Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Testimonials
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-3658 CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +42
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-4062 CRITICAL PATCH Act Now

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Kubernetes Docker PostgreSQL Authentication Bypass Conjur Oss Helm Chart
NVD GitHub
CVSS 3.1
9.0
EPSS
1.4%
CVE-2020-13887 HIGH This Week

documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Kordil Edms
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8102 HIGH This Week

Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Total Security 2020
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-13279 HIGH This Week

Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Gitlab RCE Gitlab Vscode Extension
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2020-14946 MEDIUM POC This Month

downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
4.3
EPSS
7.7%
CVE-2020-14204 HIGH This Week

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Webfocus Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
1.9%
CVE-2020-6644 HIGH This Week

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortideceptor
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-10736 HIGH This Week

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ceph
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2020-11520 HIGH This Week

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Securedoc
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-11519 HIGH This Week

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Securedoc
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-3676 HIGH This Week

Possible memory corruption in perfservice due to improper validation array length taken from user application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8096Au Firmware Apq8098 Firmware Kamorta Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3665 HIGH This Week

A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3642 HIGH This Week

Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Denial Of Service Memory Corruption Kamorta Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3635 HIGH This Week

Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8053 Firmware Apq8096Au Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3626 HIGH This Week

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Apq8053 Firmware Apq8096Au Firmware Apq8098 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy