Skip to main content
CVE-2020-11439 HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Librehealth Ehr
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-11438 HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by systemic CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Librehealth Ehr
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-14723 HIGH POC This Week

Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Authentication Bypass Help Technologies
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-15779 HIGH POC This Week

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Socket Io File
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-8203 HIGH POC PATCH This Week

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Lodash Banking Corporate Lending Process Management Banking Credit Facilities Process Management Banking Extensibility Workbench +14
NVD GitHub
CVSS 3.1
7.4
EPSS
5.2%
CVE-2020-8958 HIGH POC THREAT This Week

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 1Ge Router Wifi Onu V2801Rw Firmware 1Ge 3Fe Wifi Onu V2804Rgw Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
46.6%
CVE-2020-10286 HIGH This Week

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware Xarm 6 Firmware Xarm 7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-9309 HIGH This Week

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mimevalidator Recipe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14066 HIGH This Week

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-12854 HIGH This Week

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Neprofile
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-2228 HIGH PATCH This Week

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab Privilege Escalation Authentication Bypass Gitlab Authentication
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-14611 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Portal
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-14609 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-14664 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
4.2%
CVE-2020-14583 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Openjdk Jdk +18
NVD
CVSS 3.1
8.3
EPSS
4.0%
CVE-2020-14690 HIGH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-14688 HIGH This Week

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Common Applications
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14686 HIGH This Week

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Isupport
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14682 HIGH This Week

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Depot Repair
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14681 HIGH This Week

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14671 HIGH This Week

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Advanced Outbound Telephony
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14670 HIGH This Week

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Settings). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Advanced Outbound Telephony
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14669 HIGH This Week

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14668 HIGH This Week

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14666 HIGH This Week

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Email Center
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14660 HIGH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Crm Technical Foundation
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14628 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Oracle Microsoft Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-14608 HIGH PATCH This Week

Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Fusion Middleware Mapviewer
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-14596 HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Address Book). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass Istore
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2020-14595 HIGH PATCH This Week

Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Assessment Manager). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Authentication Bypass Ilearning
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2020-14588 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
8.2
EPSS
1.6%
CVE-2020-14585 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-14584 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-14582 HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Authentication Bypass Istore
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2020-14580 HIGH PATCH This Week

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications Applications (component: System Admin). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Communications Applications
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-14534 HIGH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-14626 HIGH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Business Intelligence
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-14569 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Investor Servicing
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-14565 HIGH PATCH This Week

Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: Security). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Unified Directory
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-2968 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2020-15602 HIGH This Week

An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Antivirus 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-14720 HIGH This Week

Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Internet Expenses
NVD
CVSS 3.1
7.7
EPSS
1.3%
CVE-2020-14719 HIGH This Week

Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Internet Expenses
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2020-14667 HIGH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Crm Technical Foundation
NVD
CVSS 3.1
7.6
EPSS
1.0%
CVE-2020-14657 HIGH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Crm Technical Foundation
NVD
CVSS 3.1
7.6
EPSS
1.0%
CVE-2020-14610 HIGH PATCH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
7.6
EPSS
0.9%
CVE-2020-6164 HIGH PATCH This Week

In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Silverstripe
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-15603 HIGH This Week

An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Antivirus 2020 Internet Security 2020 +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-2967 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-14713 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy