Skip to main content
CVE-2020-15943 HIGH POC This Week

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Gantt Chart
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2020-15135 HIGH POC PATCH This Week

save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js CSRF Save Server
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2020-15956 HIGH POC THREAT This Week

ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nvr
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
10.5%
CVE-2020-13522 HIGH POC This Week

An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ram Disk
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-4459 CRITICAL PATCH Act Now

IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-5616 CRITICAL Act Now

[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Calendar01 Calendar02 Calendarform01 Gallery01 +4
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-15944 MEDIUM POC This Month

An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Gantt Chart
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-15109 MEDIUM POC PATCH This Month

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Solidus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15467 HIGH This Week

The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-5615 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Calendar01 Calendar02
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-16134 HIGH This Week

An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Internet Box 2 Firmware Internet Box Standard Firmware Internet Box Plus Firmware Internet Box 3 Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2020-16203 HIGH PATCH This Week

Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Memory Corruption Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-16199 HIGH This Week

Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
10.2%
CVE-2020-7823 HIGH This Week

DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-7822 HIGH This Week

DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-5617 HIGH This Week

Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Skysea Client View
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6012 HIGH This Week

ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Zonealarm Anti Ransomware
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-13523 LOW POC Monitor

An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ram Disk
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2020-16847 MEDIUM This Month

Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extreme Management Center
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-16843 MEDIUM This Month

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Firecracker
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-4631 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Microsoft Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4542 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Requirements Management Doors Next
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4525 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Workflow Management Rational Rhapsody Design Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4396 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Engineering Test Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4410 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Test Management Rational Rhapsody Design Manager
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-16201 LOW Monitor

Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cncsoft Screeneditor
NVD
CVSS 3.1
3.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy