Skip to main content
CVE-2020-11978 HIGH POC KEV PATCH THREAT Act Now

An issue was found in Apache Airflow versions 1.10.10 and below. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection Airflow
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
99.1%
CVE-2020-11981 CRITICAL POC PATCH THREAT Act Now

An issue was found in Apache Airflow versions 1.10.10 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Redis Command Injection Airflow
NVD
CVSS 3.1
9.8
EPSS
34.0%
CVE-2020-5756 HIGH POC This Week

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gwn7000 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-15110 HIGH POC PATCH This Week

In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kubespawner
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-5767 MEDIUM POC This Month

Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Email Subscribers Newsletters
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-15807 MEDIUM POC This Month

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-15497 MEDIUM POC This Month

jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-14928 MEDIUM POC PATCH This Month

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Evolution Data Server Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
5.9
EPSS
2.8%
CVE-2020-7206 CRITICAL PATCH Act Now

HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

HP Command Injection PHP Nagios Plugins Hpilo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-5759 CRITICAL Act Now

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-5757 CRITICAL Act Now

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2020-0231 CRITICAL Act Now

There is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-0230 CRITICAL Act Now

There is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-0225 CRITICAL PATCH Act Now

In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-0224 CRITICAL PATCH Act Now

In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-1654 CRITICAL Act Now

On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-1652 CRITICAL Act Now

OpenNMS is accessible via port 9443. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opennms
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-1647 CRITICAL Act Now

On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Juniper Junos
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-7826 CRITICAL Act Now

EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Bflyinstallerx Ocx
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-7825 CRITICAL Act Now

A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Miplatform
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-14001 CRITICAL PATCH Act Now

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Gitlab RCE Authentication Bypass Kramdown Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-7684 CRITICAL PATCH Act Now

This affects all versions of package rollup-plugin-serve. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rollup Plugin Serve
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-15801 CRITICAL PATCH Act Now

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Max Data
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-9682 CRITICAL Act Now

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Creative Cloud Desktop Application
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-9671 CRITICAL Act Now

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Creative Cloud Desktop Application
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-9670 CRITICAL Act Now

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Creative Cloud Desktop Application
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-9669 CRITICAL Act Now

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Creative Cloud
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-11982 CRITICAL PATCH Act Now

An issue was found in Apache Airflow versions 1.10.10 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Redis Deserialization RCE Airflow
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2020-5769 MEDIUM POC This Month

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gateway Trb245 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-7696 MEDIUM POC PATCH This Month

This affects all versions of package react-native-fast-image. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure React Native Fast Image
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-5768 MEDIUM POC This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Email Subscribers Newsletters
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2020-9257 HIGH This Week

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei P30 Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-5758 HIGH This Week

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-15816 HIGH This Week

In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wd Discovery
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-4464 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
13.2%
CVE-2020-1645 HIGH This Week

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
8.3
EPSS
0.6%
CVE-2020-15813 HIGH PATCH This Week

Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Graylog
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-9254 HIGH This Week

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Huawei P30 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-7818 HIGH This Week

DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-0227 HIGH PATCH This Week

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0226 HIGH PATCH This Week

In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0120 HIGH This Week

In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-5131 HIGH This Week

SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Sonicwall Microsoft Netextender
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-9688 HIGH This Week

Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection Download Manager
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2020-9673 HIGH This Week

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Coldfusion
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-9672 HIGH This Week

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Coldfusion
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-9650 HIGH This Week

Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-9646 HIGH This Week

Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2020-10605 HIGH This Week

Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cim 500 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-0228 HIGH This Week

There is an improper configuration of recorder related service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy