Skip to main content
CVE-2020-1147 HIGH POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Net Core Net Framework Sharepoint Enterprise Server +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
94.2%
CVE-2020-6287 CRITICAL POC KEV THREAT Act Now

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD GitHub
CVSS 3.1
10.0
EPSS
94.7%
CVE-2020-11546 CRITICAL POC THREAT Act Now

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Superwebmailer
NVD
CVSS 3.1
9.8
EPSS
31.7%
CVE-2020-7593 CRITICAL POC Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Logo 8 Bm Firmware
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2020-11956 CRITICAL POC Act Now

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-11951 CRITICAL POC Act Now

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-11955 HIGH POC This Week

An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-11953 HIGH POC This Week

An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-13935 HIGH POC PATCH THREAT This Week

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Tomcat Debian Linux Oncommand System Manager +15
NVD
CVSS 3.1
7.5
EPSS
87.6%
CVE-2020-11952 MEDIUM POC This Month

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
6.2
EPSS
0.5%
CVE-2020-1350 CRITICAL KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
10.0
EPSS
92.2%
CVE-2020-13753 CRITICAL PATCH Act Now

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk Wpe Webkit Fedora +3
NVD
CVSS 3.1
10.0
EPSS
2.9%
CVE-2020-1025 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Lync Sharepoint Enterprise Server Sharepoint Foundation +2
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-9297 CRITICAL PATCH Act Now

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Titus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-1948 CRITICAL PATCH Act Now

This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
13.9%
CVE-2020-10042 CRITICAL Act Now

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-10038 CRITICAL Act Now

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13926 CRITICAL PATCH Act Now

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kylin
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-13925 CRITICAL PATCH Act Now

Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Kylin
NVD
CVSS 3.1
9.8
EPSS
19.9%
CVE-2020-1456 MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
2.2%
CVE-2020-1043 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%
CVE-2020-1042 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%
CVE-2020-1041 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%
CVE-2020-1040 CRITICAL KEV PATCH THREAT Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
6.9%
CVE-2020-1036 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
6.2%
CVE-2020-1032 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%
CVE-2020-15711 HIGH PATCH This Week

In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Misp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-1481 HIGH PATCH This Week

A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Eslint
NVD
CVSS 3.1
8.8
EPSS
23.6%
CVE-2020-1448 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Office Web Apps +4
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-1447 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +5
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-1446 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +5
NVD
CVSS 3.1
8.8
EPSS
11.3%
CVE-2020-1439 HIGH PATCH This Week

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
20.3%
CVE-2020-1436 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10 +7
NVD
CVSS 3.1
8.8
EPSS
21.4%
CVE-2020-1435 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
13.8%
CVE-2020-1421 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Microsoft RCE Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
74.4%
CVE-2020-1416 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Azure Storage Explorer TypeScript Visual Studio 2017 Visual Studio 2019 +1
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2020-1412 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

RCE Privilege Escalation Microsoft Windows 10 Windows 7 +6
NVD
CVSS 3.1
8.8
EPSS
14.0%
CVE-2020-1408 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2020-1240 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps
NVD
CVSS 3.1
8.8
EPSS
13.8%
CVE-2020-11083 MEDIUM POC PATCH This Month

In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-10045 HIGH This Week

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6292 HIGH This Week

Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Disclosure Management
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-6291 HIGH This Week

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Disclosure Management
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-6289 HIGH This Week

SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SAP Disclosure Management
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-7587 HIGH This Week

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Opcenter Execution Discrete Opcenter Execution Foundation Opcenter Execution Process +10
NVD
CVSS 3.1
8.2
EPSS
2.5%
CVE-2020-7578 HIGH This Week

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opcenter Execution Core
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-7577 HIGH This Week

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Opcenter Execution Core
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-10039 HIGH This Week

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-1465 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Onedrive
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-1463 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy