Skip to main content
CVE-2020-17505 HIGH POC THREAT Act Now

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Web Proxy
NVD
CVSS 3.1
8.8
EPSS
82.2%
CVE-2020-7374 HIGH POC Act Now

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Free Pdf Editor Free Pdf Scanner
NVD GitHub
CVSS 3.1
7.8
EPSS
3.1%
CVE-2020-8913 HIGH POC This Week

A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Path Traversal Play Core Library
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-16139 HIGH POC THREAT This Week

A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Unified Ip Conference Station 7937G Firmware
NVD
CVSS 3.1
7.5
EPSS
79.8%
CVE-2020-16138 HIGH POC THREAT This Week

A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Unified Ip Conference Station 7937G Firmware
NVD
CVSS 3.1
7.5
EPSS
21.4%
CVE-2020-12674 HIGH POC This Week

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Dovecot Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2020-12673 HIGH POC This Week

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Dovecot Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2020-12100 HIGH POC This Week

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dovecot Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-6296 HIGH This Week

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-17497 HIGH This Week

eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inet Wireless Daemon
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-13291 HIGH This Week

In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-6301 HIGH This Week

SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Hcm Travel Management
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-6298 HIGH This Week

SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Generic Market Data
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-17360 HIGH This Week

An issue was discovered in ReadyTalk Avian 1.2.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Avian
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-6295 HIGH This Week

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Adaptive Server Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15868 HIGH This Week

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-6309 HIGH This Week

SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-2232 HIGH PATCH This Week

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Email Extension
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-13290 HIGH This Week

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy