Skip to main content
CVE-2020-15072 HIGH POC This Week

An issue was discovered in phpList through 3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Phplist
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5764 HIGH POC This Week

MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Path Traversal Mx Player
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-3973 HIGH This Week

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Velocloud Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2034 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.1
EPSS
6.6%
CVE-2020-5974 HIGH This Week

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nvidia Jetpack Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6938 HIGH This Week

A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tableau Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-5839 HIGH This Week

Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Endpoint Detection And Response
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11994 HIGH PATCH This Week

Server-Side Template Injection and arbitrary file disclosure on Camel templating components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Camel Communications Diameter Signaling Router Enterprise Manager Base Platform Enterprise Repository
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-2030 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy