Skip to main content
CVE-2020-16205 HIGH POC THREAT Act Now

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2240 Firmware G Cam Efd 2241 Firmware +7
NVD
CVSS 3.1
7.2
EPSS
60.4%
CVE-2020-17474 CRITICAL POC Act Now

A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zkbiosecurity Server Facedepot 7B Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15692 CRITICAL POC PATCH Act Now

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nim
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-7701 CRITICAL POC PATCH Act Now

madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Madlib Object Utils
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-7700 CRITICAL POC Act Now

All versions of phpjs are vulnerable to Prototype Pollution via parse_str. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Php Js
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-22722 HIGH POC This Week

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Privilege Escalation Microsoft Rapid Scada
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-22721 HIGH POC This Week

A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pnotes Net
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-17462 HIGH POC This Week

CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-15694 HIGH POC PATCH This Week

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nim
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-15693 MEDIUM POC PATCH This Month

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nim
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-10055 CRITICAL PATCH Act Now

A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Desigo Consumption Control Desigo Consumption Control Compact
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2020-15781 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sicam A8000 Firmware
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-15142 CRITICAL PATCH Act Now

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Python Openapi Python Client
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%
CVE-2020-4662 HIGH PATCH This Week

IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Event Streams
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15145 HIGH PATCH This Week

In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Microsoft Composer Setup
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-9767 HIGH This Week

A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sharing Service
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-7583 HIGH PATCH This Week

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Automation License Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-17475 HIGH This Week

Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Koala Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-9708 HIGH This Week

The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Git Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-9228 HIGH This Week

FusionCompute 8.0.0 has an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12648 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tinymce
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-17473 MEDIUM This Month

Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Zkbiosecurity Server Facedepot 7B Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-9229 MEDIUM This Month

FusionCompute 8.0.0 has an information disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-15141 MEDIUM PATCH This Month

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

Python Path Traversal Openapi Python Client
NVD GitHub
CVSS 3.1
4.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy