Skip to main content
CVE-2020-15943 HIGH POC This Week

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Gantt Chart
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2020-15135 HIGH POC PATCH This Week

save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js CSRF Save Server
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2020-15956 HIGH POC THREAT This Week

ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nvr
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
10.5%
CVE-2020-13522 HIGH POC This Week

An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ram Disk
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-15467 HIGH This Week

The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-5615 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Calendar01 Calendar02
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-16134 HIGH This Week

An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Internet Box 2 Firmware Internet Box Standard Firmware Internet Box Plus Firmware Internet Box 3 Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2020-16203 HIGH PATCH This Week

Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Memory Corruption Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-16199 HIGH This Week

Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
10.2%
CVE-2020-7823 HIGH This Week

DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-7822 HIGH This Week

DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-5617 HIGH This Week

Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Skysea Client View
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6012 HIGH This Week

ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Zonealarm Anti Ransomware
NVD
CVSS 3.1
7.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy