Skip to main content
CVE-2020-23935 CRITICAL POC THREAT Act Now

Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Student Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
15.9%
CVE-2020-10283 CRITICAL POC Act Now

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Micro Air Vehicle Link
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-17456 CRITICAL POC THREAT Act Now

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Slc 130 Firmware Slr 120S Firmware Slr 120S42G Firmware +2
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
71.7%
CVE-2020-15531 HIGH POC This Week

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Bluetooth Low Energy Software Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-15146 HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-15143 HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-13826 HIGH POC This Week

A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection I Doit
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-15532 MEDIUM POC This Month

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Bluetooth Low Energy Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-13825 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15149 CRITICAL PATCH Act Now

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Nodebb
NVD GitHub
CVSS 3.1
9.9
EPSS
2.4%
CVE-2020-16279 CRITICAL Act Now

The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Rangeeos
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-23936 CRITICAL Act Now

PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Vehicle Parking Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-15636 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE R6700 Firmware
NVD
CVSS 3.1
9.8
EPSS
8.5%
CVE-2020-16282 HIGH This Week

In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Rangeeos
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-10289 HIGH PATCH This Week

Use of unsafe yaml load. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Robot Operating System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15635 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-15151 HIGH PATCH This Week

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Adobe CSRF Openmage Long Term Support Magento
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-16281 HIGH This Week

The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Rangeeos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8870 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
5.0%
CVE-2020-8869 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
5.0%
CVE-2020-15862 HIGH PATCH This Week

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux Cloud Backup Hci Management Node +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15861 HIGH PATCH This Week

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux Cloud Backup Smi S Provider +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15638 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
6.1%
CVE-2020-15630 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2020-15629 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
6.3%
CVE-2020-24359 HIGH PATCH This Week

HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Ssh Helper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15634 MEDIUM This Month

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
6.3
EPSS
1.4%
CVE-2020-12619 MEDIUM This Month

MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mailmate
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-16280 MEDIUM This Month

Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rangeeos
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15119 MEDIUM PATCH This Month

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Lock
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-12618 MEDIUM This Month

eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Em Client
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-4687 MEDIUM This Month

IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Content Navigator
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-15637 LOW Monitor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
3.3
EPSS
4.1%
CVE-2020-4548 LOW Monitor

IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Content Navigator
NVD
CVSS 3.1
2.7
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy