Skip to main content
CVE-2020-1472 MEDIUM POC KEV EUVD KEV PATCH THREAT Act Now

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation probability, public PoC available. Vendor patch is available.

Windows
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
94.4%
Threat
8.9
CVE-2020-1380 HIGH KEV PATCH THREAT Act Now

Internet Explorer scripting engine contains a remote code execution vulnerability through memory corruption when handling objects, exploited as a zero-day in August 2020 before patch availability.

NVD
CVSS 3.1
7.8
EPSS
91.7%
CVE-2020-1337 HIGH POC PATCH THREAT Act Now

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
14.2%
CVE-2020-3433 HIGH POC KEV THREAT Act Now

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
10.0%
CVE-2020-7704 CRITICAL POC PATCH Act Now

The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Linux Cmdline
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-24208 CRITICAL POC Act Now

A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Shopping Alphaware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-7703 CRITICAL POC Act Now

All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Nis Utils
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7702 CRITICAL POC Act Now

All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Templ8
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-13122 HIGH POC This Week

The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Noviware
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2020-1464 HIGH POC KEV PATCH THREAT This Week

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Jwt Attack Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 +16
NVD
CVSS 3.1
7.8
EPSS
41.1%
CVE-2020-24372 HIGH POC This Week

LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Luajit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-24369 HIGH POC PATCH This Week

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Lua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8209 HIGH POC THREAT This Week

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Xenmobile Server
NVD
CVSS 3.1
7.5
EPSS
48.7%
CVE-2020-1467 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Windows improperly handles hard links. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
10.0
EPSS
3.5%
CVE-2020-8212 CRITICAL PATCH Act Now

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-8211 CRITICAL Act Now

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Command Injection Citrix Xenmobile Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12606 CRITICAL Act Now

An issue was discovered in DB Soft SGLAC before 20.05.001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sglac
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-24371 MEDIUM POC PATCH This Month

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lua
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-24370 MEDIUM POC PATCH This Month

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Lua Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
3.8%
CVE-2020-15152 CRITICAL PATCH Act Now

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Node.js SSRF Ftp Srv
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2020-9233 CRITICAL Act Now

FusionCompute 8.0.0 have an insufficient authentication vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fusioncompute
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-1585 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-1583 HIGH PATCH This Week

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-1561 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-1555 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-1504 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Excel
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-1498 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-1496 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-1495 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +3
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-1494 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-24220 HIGH This Week

ShopXO v1.8.1 has a command execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Shopxo
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8233 HIGH PATCH This Week

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Edgeswitch Firmware Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-9242 HIGH This Week

FusionCompute 8.0.0 have a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fusioncompute
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13941 HIGH PATCH This Week

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Solr
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-3500 HIGH This Week

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Staros
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-3363 HIGH This Week

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sg250X 24 Firmware Sg250X 24P Firmware Sg250X 48 Firmware +111
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-4686 HIGH PATCH This Week

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation IBM Spectrum Virtualize Flashsystem V5000 Firmware Flashsystem V7200 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-1552 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. Rated high severity (CVSS 8.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.0
EPSS
2.4%
CVE-2020-1587 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1584 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1582 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft 365 Apps Access Office
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-1581 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1579 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1577 HIGH PATCH This Week

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
7.1%
CVE-2020-1569 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-1564 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-1563 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2020-1562 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-1560 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-1558 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy