Skip to main content
CVE-2020-14644 CRITICAL POC KEV THREAT Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
94.5%
CVE-2020-8178 CRITICAL POC Act Now

Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Jison
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-9496 MEDIUM POC THREAT This Month

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apache Deserialization Ofbiz
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
98.9%
CVE-2020-11436 CRITICAL POC Act Now

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librehealth Ehr
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2020-11439 HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Librehealth Ehr
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-11438 HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by systemic CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Librehealth Ehr
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-14723 HIGH POC This Week

Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Authentication Bypass Help Technologies
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-15779 HIGH POC This Week

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Socket Io File
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-8203 HIGH POC PATCH This Week

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Lodash Banking Corporate Lending Process Management Banking Credit Facilities Process Management Banking Extensibility Workbench +14
NVD GitHub
CVSS 3.1
7.4
EPSS
5.2%
CVE-2020-8958 HIGH POC THREAT This Week

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 1Ge Router Wifi Onu V2801Rw Firmware 1Ge 3Fe Wifi Onu V2804Rgw Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
46.6%
CVE-2020-14982 MEDIUM POC This Month

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Web Time And Attendance
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15051 MEDIUM POC This Month

An issue was discovered in Artica Proxy before 4.30.000000. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2020-15718 MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.3%
CVE-2020-15716 MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.6%
CVE-2020-14701 CRITICAL Act Now

Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Sd Wan Aware
NVD
CVSS 3.1
10.0
EPSS
2.1%
CVE-2020-14606 CRITICAL PATCH Act Now

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Sd Wan Edge
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2020-10288 CRITICAL Act Now

IRC5 exposes an ftp server (port 21). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Robotware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10287 CRITICAL Act Now

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Irb140 Firmware Irc5 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10285 CRITICAL Act Now

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12684 CRITICAL Act Now

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE I Net Clear Reports
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-14687 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-14645 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
46.2%
CVE-2020-14625 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-14511 CRITICAL Act Now

Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Edr G902 T Firmware Edr G902 Firmware Edr G903 T Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-14503 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Iview
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-14501 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-14507 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-14505 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iview
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2020-14497 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-14705 CRITICAL Act Now

Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Goldengate
NVD
CVSS 3.1
9.6
EPSS
1.9%
CVE-2020-10284 CRITICAL Act Now

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm Studio
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-14665 CRITICAL Act Now

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Invoice). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-14658 CRITICAL Act Now

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-14599 CRITICAL PATCH Act Now

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Gateway For Mobile Devices
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-14598 CRITICAL PATCH Act Now

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Gateway For Mobile Devices
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-10286 HIGH This Week

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware Xarm 6 Firmware Xarm 7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-9309 HIGH This Week

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mimevalidator Recipe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14066 HIGH This Week

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-12854 HIGH This Week

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Neprofile
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-2228 HIGH PATCH This Week

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab Privilege Escalation Authentication Bypass Gitlab Authentication
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-14611 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Portal
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-14609 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-13788 MEDIUM POC PATCH This Month

Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-11437 MEDIUM POC This Month

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Librehealth Ehr
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-14664 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
4.2%
CVE-2020-14583 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Openjdk Jdk +18
NVD
CVSS 3.1
8.3
EPSS
4.0%
CVE-2020-14690 HIGH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-14688 HIGH This Week

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Common Applications
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14686 HIGH This Week

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Isupport
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14682 HIGH This Week

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Depot Repair
NVD
CVSS 3.1
8.2
EPSS
1.3%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy