Skip to main content
CVE-2020-15893 CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection D-Link Dir 816L Firmware
NVD
CVSS 3.1
9.8
EPSS
20.9%
CVE-2020-15892 CRITICAL POC PATCH Act Now

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow D-Link Dap 1520 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-6530 HIGH POC This Week

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6507 HIGH POC THREAT This Week

Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Chrome
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
19.4%
CVE-2020-3452 HIGH POC KEV THREAT This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Path Traversal Adaptive Security Appliance Software Firepower Threat Defense
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
100.0%
CVE-2020-15806 HIGH POC This Week

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Linux +12
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8559 MEDIUM POC PATCH This Month

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Open Redirect
NVD GitHub
CVSS 3.1
6.8
EPSS
6.1%
CVE-2020-6519 MEDIUM POC THREAT This Month

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Backports Sle Debian Linux +2
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
11.3%
CVE-2020-6514 MEDIUM POC This Month

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Leap +8
NVD
CVSS 3.1
6.5
EPSS
7.8%
CVE-2020-15895 MEDIUM POC PATCH This Month

An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link PHP Dir 816L Firmware
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-10917 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Esmpro Manager
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2020-4385 CRITICAL PATCH Act Now

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Verify Gateway
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-9664 CRITICAL Act Now

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Deserialization PHP Magento
NVD
CVSS 3.1
9.8
EPSS
8.4%
CVE-2020-6522 CRITICAL Act Now

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2020-6509 CRITICAL Act Now

Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2020-6505 CRITICAL Act Now

Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-15901 HIGH This Week

In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
21.9%
CVE-2020-9687 HIGH This Week

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop +1
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-9685 HIGH This Week

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop +1
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-9684 HIGH This Week

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop +1
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-9683 HIGH This Week

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Information Disclosure Photoshop +1
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2020-9680 HIGH This Week

Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Prelude
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-9678 HIGH This Week

Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Prelude
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2020-9677 HIGH This Week

Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Information Disclosure Prelude
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-6534 HIGH This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6533 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6525 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6524 HIGH This Week

Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-6523 HIGH This Week

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6520 HIGH This Week

Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6518 HIGH This Week

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-6517 HIGH This Week

Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-6515 HIGH This Week

Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-6513 HIGH This Week

Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-6512 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-15904 HIGH PATCH This Week

A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Bsdiff4
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-4372 HIGH PATCH This Week

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-9676 HIGH This Week

Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2020-9675 HIGH This Week

Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Information Disclosure Bridge
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2020-9674 HIGH This Week

Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2020-6510 HIGH This Week

Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-4400 HIGH PATCH This Week

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-15896 HIGH PATCH This Week

An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

D-Link Authentication Bypass PHP Dap 1522 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-15894 HIGH PATCH This Week

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

D-Link Authentication Bypass PHP Dir 816L Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-12774 MEDIUM This Month

D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-15126 MEDIUM PATCH This Month

In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Parse Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4399 MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Verify Gateway
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-9686 MEDIUM This Month

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Information Disclosure Photoshop +1
NVD
CVSS 3.1
6.5
EPSS
4.2%
CVE-2020-9679 MEDIUM This Month

Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Information Disclosure Prelude
NVD
CVSS 3.1
6.5
EPSS
4.8%
CVE-2020-15124 MEDIUM PATCH This Month

In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Path Traversal Goobi Viewer Core
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy