Skip to main content
CVE-2020-15348 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel RCE Code Injection Python Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-9047 HIGH POC This Week

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Exacqvision Enterprise Manager Exacqvision Web Service
NVD
CVSS 3.1
7.2
EPSS
7.8%
CVE-2020-15308 HIGH POC This Week

Support Incident Tracker (aka SiT!. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Support Incident Tracker
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-9632 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Magento
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2020-9631 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Magento
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2020-9630 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Magento
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-9585 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Magento
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-9583 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection Magento
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2020-9582 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection Magento
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2020-9580 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Magento
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-9579 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Magento
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-9578 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection Magento
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2020-9576 CRITICAL PATCH Act Now

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection Magento
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2020-14955 MEDIUM POC This Month

In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jiangmin Antivirus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10769 MEDIUM POC This Month

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Enterprise Linux Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9574 HIGH PATCH This Week

Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2020-9573 HIGH PATCH This Week

Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2020-9572 HIGH PATCH This Week

Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-9571 HIGH PATCH This Week

Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2020-9570 HIGH PATCH This Week

Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2020-9569 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9568 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-9567 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Adobe Memory Corruption RCE Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-9566 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Adobe Memory Corruption RCE Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2020-9565 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9564 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9563 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.2%
CVE-2020-9562 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2020-9561 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9560 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9559 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9556 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-9555 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.2%
CVE-2020-9554 HIGH PATCH This Week

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-3768 HIGH This Week

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Coldfusion
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-9621 HIGH PATCH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Digital Negative Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
7.5%
CVE-2020-9620 HIGH PATCH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Digital Negative Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
7.7%
CVE-2020-9590 HIGH PATCH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Digital Negative Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
43.7%
CVE-2020-9589 HIGH PATCH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Digital Negative Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
7.6%
CVE-2020-9586 HIGH This Week

Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Character Animator
NVD
CVSS 3.1
7.8
EPSS
7.9%
CVE-2020-15351 HIGH This Week

IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Idrive
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-9628 HIGH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Dng Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9627 HIGH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Dng Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9625 HIGH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Dng Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9591 HIGH PATCH This Week

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-9587 HIGH PATCH This Week

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
7.5
EPSS
5.0%
CVE-2020-9623 HIGH PATCH This Week

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-13891 HIGH This Week

An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-11996 HIGH PATCH This Week

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Tomcat Information Disclosure Ubuntu Linux Mysql Enterprise Monitor +5
NVD
CVSS 3.1
7.5
EPSS
26.7%
CVE-2020-10628 HIGH This Week

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Controledge Plc Firmware Controledge Rtu Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy