Skip to main content
CVE-2020-8186 CRITICAL POC PATCH Act Now

A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Devcert
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-11081 HIGH POC PATCH This Week

osquery before version 4.4.0 enables a privilege escalation vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Osquery
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-6114 HIGH POC This Week

An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Icehrm
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-8195 MEDIUM POC KEV THREAT This Month

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware +2
NVD
CVSS 3.1
6.5
EPSS
33.3%
CVE-2020-8194 MEDIUM POC THREAT This Month

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware +2
NVD
CVSS 3.1
6.5
EPSS
10.7%
CVE-2020-8193 MEDIUM POC KEV THREAT This Month

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware +1
NVD
CVSS 3.1
6.5
EPSS
88.4%
CVE-2020-8191 MEDIUM POC THREAT This Month

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware +1
NVD
CVSS 3.1
6.1
EPSS
22.9%
CVE-2020-15504 CRITICAL Act Now

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sophos RCE SQLi Xg Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7815 CRITICAL Act Now

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Xplatform
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-7814 CRITICAL Act Now

RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Raon K Upload
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-8197 HIGH This Week

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-8199 HIGH This Week

Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Gateway Plug In For Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3974 HIGH PATCH This Week

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Fusion Horizon Client Remote Console
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8190 HIGH This Week

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8187 HIGH This Week

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-11061 HIGH This Week

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Bareos Debian Linux
NVD GitHub
CVSS 3.1
7.4
EPSS
1.2%
CVE-2020-4042 MEDIUM This Month

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bareos
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-9260 MEDIUM This Month

HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P30 Firmware P30 Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-8198 MEDIUM This Month

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware +1
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-5607 MEDIUM PATCH This Month

Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Shirasagi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-9258 MEDIUM This Month

HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-15105 MEDIUM PATCH This Month

Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Python RCE Redis Django Two Factor Authentication
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8196 MEDIUM KEV THREAT This Month

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Information Disclosure Application Delivery Controller Firmware Netscaler Gateway Firmware +2
NVD
CVSS 3.1
4.3
EPSS
26.3%
CVE-2020-8181 MEDIUM This Month

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Contacts
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy