Skip to main content
CVE-2020-15046 HIGH POC This Week

The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF X10Drh It Bios X10Drh It Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-13443 HIGH POC This Week

ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Expressionengine
NVD GitHub
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-15014 HIGH POC This Week

pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Blogcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-12861 HIGH POC PATCH This Week

A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Sane Backends Ubuntu Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-12865 HIGH POC This Week

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Sane Backends Ubuntu Linux +2
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2020-14017 HIGH POC This Week

An issue was discovered in Navigate CMS 2.9 r1433. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Navigate Cms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14015 HIGH POC This Week

An issue was discovered in Navigate CMS 2.9 r1433. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Navigate Cms
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-13700 HIGH POC THREAT This Week

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Acf To Rest Api
NVD GitHub
CVSS 3.1
7.5
EPSS
13.5%
CVE-2020-7667 HIGH POC PATCH This Week

In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Go Rpm Utils
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-13247 HIGH POC This Week

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Boolebox
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-14005 HIGH This Week

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js RCE Orion Network Performance Monitor Orion Web Performance Monitor
NVD GitHub
CVSS 3.1
8.8
EPSS
14.3%
CVE-2020-3962 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-6870 HIGH This Week

The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zte Netnumen U31 R10 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2020-5962 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Quadro Firmware Geforce Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3969 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11961 HIGH This Week

Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xiaomi R3600 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11959 HIGH This Week

An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nginx Xiaomi R3600 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-9494 HIGH This Week

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-10280 HIGH This Week

The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10273 HIGH This Week

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-10274 HIGH This Week

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy