Skip to main content
CVE-2020-16205 HIGH POC THREAT Act Now

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection G Cam Ebc 2110 Firmware G Cam Ebc 2111 Firmware G Cam Efd 2240 Firmware G Cam Efd 2241 Firmware +7
NVD
CVSS 3.1
7.2
EPSS
60.4%
CVE-2020-22722 HIGH POC This Week

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Privilege Escalation Microsoft Rapid Scada
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-22721 HIGH POC This Week

A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pnotes Net
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-17462 HIGH POC This Week

CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-15694 HIGH POC PATCH This Week

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nim
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-4662 HIGH PATCH This Week

IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Event Streams
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15145 HIGH PATCH This Week

In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Microsoft Composer Setup
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-9767 HIGH This Week

A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sharing Service
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-7583 HIGH PATCH This Week

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Automation License Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-17475 HIGH This Week

Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Koala Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-9708 HIGH This Week

The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Git Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-9228 HIGH This Week

FusionCompute 8.0.0 has an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy