Skip to main content
CVE-2020-16169 CRITICAL POC Act Now

Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Robox Os
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-11984 CRITICAL POC THREAT Act Now

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Http Server Clustered Data Ontap Ubuntu Linux +10
NVD
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-8025 CRITICAL POC Act Now

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SAP Information Disclosure Linux Enterprise High Performance Computing Linux Enterprise Server Linux Enterprise Software Development Kit
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2020-16167 CRITICAL POC Act Now

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Launcher Os
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2020-13376 CRITICAL POC Act Now

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Path Traversal Securmail
NVD
CVSS 3.1
9.0
EPSS
3.5%
CVE-2020-15480 HIGH POC This Week

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Burnintest Osforensics Performancetest
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-15479 HIGH POC This Week

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Burnintest Osforensics Performancetest
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11993 HIGH POC PATCH THREAT This Week

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Request Smuggling Information Disclosure Http Server Clustered Data Ontap +11
NVD
CVSS 3.1
7.5
EPSS
58.7%
CVE-2020-5412 MEDIUM POC PATCH THREAT This Month

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Cloud Netflix
NVD
CVSS 3.1
6.5
EPSS
10.2%
CVE-2020-16168 MEDIUM POC This Month

Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Temi Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-15063 HIGH This Week

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Da 70254 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-15062 HIGH This Week

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Da 70254 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-15059 HIGH This Week

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 42633 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-15058 HIGH This Week

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 42633 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-15055 HIGH This Week

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Tl Ps310U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-15054 HIGH This Week

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link Tl Ps310U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-17352 HIGH PATCH This Week

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos RCE Command Injection Xg Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2020-7810 HIGH This Week

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hslogin2 Dll
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-11852 HIGH This Week

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Secure Messaging Gateway
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-8026 HIGH This Week

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backports Sle Tumbleweed Leap
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-16227 HIGH This Week

Delta Electronics TPEditor Versions 1.97 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Tpeditor
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-16225 HIGH This Week

Delta Electronics TPEditor Versions 1.97 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Tpeditor
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-16223 HIGH This Week

Delta Electronics TPEditor Versions 1.97 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Tpeditor
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2020-16221 HIGH This Week

Delta Electronics TPEditor Versions 1.97 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Tpeditor
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2020-16219 HIGH This Week

Delta Electronics TPEditor Versions 1.97 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Tpeditor
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-15138 HIGH PATCH This Week

Prism is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Apple Previewers
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-9490 HIGH PATCH This Week

Apache HTTP Server versions 2.4.20 to 2.4.43. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Apache Request Smuggling Denial Of Service Http Server Communications Element Manager +23
NVD
CVSS 3.1
7.5
EPSS
89.7%
CVE-2020-15065 MEDIUM This Month

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Da 70254 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-15061 MEDIUM This Month

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 42633 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-15057 MEDIUM This Month

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow TP-Link Tl Ps310U Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-15907 MEDIUM PATCH This Month

In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mahara
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11985 MEDIUM This Month

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure PHP Http Server
NVD
CVSS 3.1
5.3
EPSS
6.8%
CVE-2020-15064 MEDIUM This Month

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Da 70254 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2020-15060 MEDIUM This Month

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS 42633 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2020-15056 MEDIUM This Month

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS TP-Link Tl Ps310U Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy