Skip to main content
CVE-2020-9480 CRITICAL POC PATCH THREAT Act Now

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Apache Authentication Bypass Spark Business Intelligence
NVD
CVSS 3.1
9.8
EPSS
29.2%
CVE-2020-14993 CRITICAL POC Act Now

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor300b Firmware Vigor2960 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2020-14938 CRITICAL POC Act Now

An issue was discovered in map.c in FreedroidRPG 1.0rc2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Freedroidrpg
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-13155 HIGH POC This Week

clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-14978 HIGH POC This Week

An issue was discovered in F-Secure SAFE 17.7 on macOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Safe
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2020-14977 HIGH POC This Week

An issue was discovered in F-Secure SAFE 17.7 on macOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Safe
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2020-14975 HIGH POC This Week

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Iobit Unlocker
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14939 HIGH POC This Week

An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Freedroidrpg
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-7668 HIGH POC PATCH This Week

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Compression And Archive Extensions Tz Project
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7664 HIGH POC PATCH This Week

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Compression And Archive Extensions Zip Project
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-14940 HIGH POC This Week

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Tuxguitar
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-14974 HIGH POC PATCH This Week

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Iobit Unlocker
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-13157 MEDIUM POC This Month

modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-13156 MEDIUM POC This Month

modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-5594 CRITICAL Act Now

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq R Firmware Melsec Iq F Firmware Melsec Q Firmware Melsec L Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12782 CRITICAL Act Now

Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Mailaudit Mailgates
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-14976 MEDIUM POC PATCH This Month

GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple Ubridge
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-14073 MEDIUM POC This Month

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Prtg Network Monitor
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2020-12021 CRITICAL Act Now

In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Pi Web Api
NVD
CVSS 3.1
9.0
EPSS
1.6%
CVE-2020-12033 HIGH This Week

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Services Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-11068 HIGH PATCH This Week

In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Loramac Node
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-5367 HIGH This Week

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Unisphere For Powermax Emc Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-14971 HIGH PATCH This Week

Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass PHP Pi Hole
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-9438 MEDIUM This Month

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Smart Wifi Door Lock Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-5345 MEDIUM This Month

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unisphere For Powermax Emc Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4188 MEDIUM This Month

IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4028 MEDIUM This Month

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-14965 MEDIUM This Month

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS CSRF TP-Link Tl Wr740N Firmware Tl Wr740Nd Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy