Skip to main content
CVE-2020-16165 CRITICAL POC Act Now

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-7699 CRITICAL POC PATCH Act Now

This affects the package express-fileupload before 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Denial Of Service Express Fileupload Max Data
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-14162 HIGH POC This Week

An issue was discovered in Pi-Hole through 5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pi Hole
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-12620 HIGH POC This Week

Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pi Hole
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-8218 HIGH POC KEV THREAT This Week

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
7.2
EPSS
32.7%
CVE-2020-8192 MEDIUM POC PATCH This Month

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastify
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-3699 CRITICAL PATCH Act Now

Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3698 CRITICAL PATCH Act Now

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +43
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3688 CRITICAL Act Now

Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +45
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3671 CRITICAL Act Now

Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Information Disclosure Apq8009 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-16157 MEDIUM POC THREAT This Month

A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD
CVSS 3.1
5.4
EPSS
14.4%
CVE-2020-8202 MEDIUM POC This Month

Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Denial Of Service Preferred Providers
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-16163 CRITICAL Act Now

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rpki Validator 3
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-14158 CRITICAL Act Now

The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secvest Hybrid Fumo50110 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2020-15129 MEDIUM POC PATCH This Month

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Open Redirect Traefik
NVD GitHub
CVSS 3.1
4.7
EPSS
8.0%
CVE-2020-10713 HIGH This Week

A flaw was found in grub2, prior to version 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Grub2 Debian Linux Leap +1
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2020-8206 HIGH This Week

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-7829 HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-7828 HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-7827 HIGH This Week

DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3701 HIGH This Week

Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Denial Of Service Memory Corruption Saipan Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-5610 HIGH This Week

Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Global Techstream
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-16162 HIGH This Week

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rpki Validator 3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15131 HIGH PATCH This Week

In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slp Validate
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15130 HIGH PATCH This Week

In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slpjs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15957 HIGH PATCH This Week

An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Dp3T Backend Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4185 HIGH PATCH This Week

IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-3700 HIGH PATCH This Week

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-16164 HIGH PATCH This Week

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Rpki Validator 3
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2020-8219 HIGH This Week

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-8222 MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
6.8
EPSS
2.3%
CVE-2020-7205 MEDIUM This Month

A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Intelligent Provisioning Service Pack For Proliant Smartstart Scripting Toolkit
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-14309 MEDIUM This Month

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Grub2 Leap
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-8220 MEDIUM This Month

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Command Injection Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-8204 MEDIUM This Month

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-8217 MEDIUM This Month

A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Citrix Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-15511 MEDIUM This Month

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Terraform Enterprise
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-8213 MEDIUM This Month

An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4186 MEDIUM PATCH This Month

IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-8221 MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-8216 MEDIUM This Month

An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
4.3
EPSS
2.3%
CVE-2020-16166 LOW PATCH Monitor

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Linux Information Disclosure Linux Kernel Leap Fedora +12
NVD GitHub
CVSS 3.1
3.7
EPSS
5.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy