Skip to main content
CVE-2020-10984 HIGH POC This Week

Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Gambio Gx
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-10924 HIGH POC THREAT This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
87.3%
CVE-2020-10923 HIGH POC THREAT This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
84.7%
CVE-2020-11474 HIGH POC This Week

NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secure Enterprise Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-6098 HIGH POC This Week

An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Integer Overflow Freediameter
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-16094 HIGH POC This Week

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Claws Mail Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-15899 HIGH POC PATCH This Week

Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Grin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-11476 HIGH POC PATCH This Week

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Concrete Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.9%
CVE-2020-13970 HIGH PATCH This Week

Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Shopware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15416 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2020-10929 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-10927 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-10926 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10925 HIGH This Week

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15714 HIGH This Week

rConfig 3.9.5 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Rconfig
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-15713 HIGH This Week

rConfig 3.9.5 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Rconfig
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-10928 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Heap Overflow RCE R6700 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2020-13997 HIGH PATCH This Week

In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shopware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-15419 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE One Firmware
NVD
CVSS 3.1
7.5
EPSS
63.8%
CVE-2020-15418 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE One Firmware
NVD
CVSS 3.1
7.5
EPSS
9.4%
CVE-2020-7685 HIGH This Week

This affects all versions of package UmbracoForms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Umbraco Forms
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15628 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15627 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15626 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15625 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15624 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-15622 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15621 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15620 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-15619 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15618 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15617 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-15616 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Webpanel
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-13918 HIGH This Week

Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unleashed Firmware
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-13915 HIGH This Week

Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unleashed Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-13914 HIGH This Week

webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Unleashed Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-4375 HIGH PATCH This Week

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy