Skip to main content
CVE-2020-15865 CRITICAL POC Act Now

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reports
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-14935 CRITICAL POC Act Now

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14934 CRITICAL POC Act Now

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-7708 CRITICAL POC PATCH Act Now

The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Irrelon Path
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-7707 CRITICAL POC PATCH Act Now

The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Property Expr
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-7706 CRITICAL POC PATCH Act Now

The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Connie Lang
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-14937 CRITICAL POC Act Now

Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-23934 HIGH POC THREAT This Week

An issue was discovered in RiteCMS 2.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Ritecms
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
16.0%
CVE-2020-15926 MEDIUM POC PATCH This Month

Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-24032 CRITICAL Act Now

tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lpar2Rrd Stor2Rrd
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2020-14936 CRITICAL Act Now

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-7018 HIGH This Week

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Enterprise Search
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-5385 HIGH This Week

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-9415 MEDIUM This Month

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Virtualization Data Virtualization For Aws Marketplace
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-7019 MEDIUM PATCH This Month

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14333 MEDIUM This Month

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy