Skip to main content
CVE-2020-14945 HIGH POC THREAT This Week

A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
11.4%
CVE-2020-14203 HIGH POC This Week

WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Webfocus Business Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14461 HIGH POC This Week

Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Path Traversal Wap6806 Firmware
NVD Exploit-DB
CVSS 3.1
8.6
EPSS
9.5%
CVE-2020-14966 HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack Canonical Jsrsasign +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-14049 HIGH POC This Week

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Viber
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-13158 HIGH POC THREAT This Week

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Artica Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
53.5%
CVE-2020-8903 HIGH POC PATCH This Week

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated high severity (CVSS 7.3). Public exploit code available.

Google Privilege Escalation Guest Oslogin Leap
NVD GitHub
CVSS 4.0
7.3
EPSS
0.3%
CVE-2020-14960 HIGH POC PATCH This Week

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-14990 HIGH POC This Week

IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-13887 HIGH This Week

documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Kordil Edms
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8102 HIGH This Week

Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Total Security 2020
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-13279 HIGH This Week

Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Gitlab RCE Gitlab Vscode Extension
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2020-14204 HIGH This Week

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Webfocus Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
1.9%
CVE-2020-6644 HIGH This Week

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortideceptor
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-10736 HIGH This Week

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ceph
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2020-11520 HIGH This Week

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Securedoc
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-11519 HIGH This Week

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Securedoc
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-3676 HIGH This Week

Possible memory corruption in perfservice due to improper validation array length taken from user application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8096Au Firmware Apq8098 Firmware Kamorta Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3665 HIGH This Week

A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3642 HIGH This Week

Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Denial Of Service Memory Corruption Kamorta Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3635 HIGH This Week

Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8053 Firmware Apq8096Au Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3626 HIGH This Week

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Apq8053 Firmware Apq8096Au Firmware Apq8098 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3613 HIGH This Week

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Sm8150 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-14969 HIGH PATCH This Week

app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-4031 HIGH PATCH This Week

In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Freerdp Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10740 HIGH PATCH This Week

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wildfly
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-4066 HIGH PATCH This Week

In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Limdu
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy