Skip to main content
CVE-2020-24055 CRITICAL POC Act Now

Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption 5620Ptz Firmware 4320 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-24054 CRITICAL POC Act Now

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-24051 CRITICAL POC Act Now

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7710 CRITICAL POC Act Now

This affects all versions of package safe-eval. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Safe Eval
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24589 CRITICAL POC PATCH THREAT Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Api Manager Api Microgateway
NVD
CVSS 3.1
9.1
EPSS
26.9%
CVE-2020-24052 CRITICAL POC Act Now

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2020-24057 HIGH POC This Week

The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection S5120Fd Firmware
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2020-24574 HIGH POC This Week

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Authentication Bypass Galaxy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-24567 HIGH POC This Week

voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Everything
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-9063 HIGH POC This Week

NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Aptra Xfs
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2020-24056 HIGH POC This Week

A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 5620Ptz Firmware 4320 Firmware S5120Fd Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-24053 HIGH POC This Week

Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-24571 HIGH POC THREAT This Week

NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nexusdb
NVD
CVSS 3.1
7.5
EPSS
18.0%
CVE-2020-15309 HIGH POC This Week

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-8227 MEDIUM POC THREAT This Month

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Path Traversal Desktop
NVD
CVSS 3.1
6.8
EPSS
22.4%
CVE-2020-14201 MEDIUM POC PATCH This Month

Dolibarr CRM before 11.0.5 allows privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Dolibarr
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-20634 MEDIUM POC This Month

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Website Builder
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-8234 CRITICAL Act Now

A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Edgemax Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-5775 MEDIUM POC This Month

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Canvas Learning Management Service
NVD
CVSS 3.1
5.8
EPSS
6.5%
CVE-2020-15140 CRITICAL PATCH Act Now

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Red Discord Bot
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2020-8189 MEDIUM POC This Month

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nextcloud Desktop
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-20633 MEDIUM POC This Month

ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Privilege Escalation PHP Gdpr Cookie Consent
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-10123 MEDIUM POC This Month

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aptra Xfs
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-24590 CRITICAL Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Microgateway
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-5417 HIGH This Week

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15070 HIGH This Week

Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PostgreSQL Zulip Server
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15147 HIGH PATCH This Week

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Red Discord Bot
NVD GitHub
CVSS 3.1
8.5
EPSS
2.0%
CVE-2020-10126 HIGH This Week

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Aptra Xfs
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2020-10125 HIGH This Week

NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Aptra Xfs
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2020-8623 HIGH This Week

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Leap Debian Linux +3
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2020-8621 HIGH This Week

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Ubuntu Linux Dns Server +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-8620 HIGH This Week

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Steelstore Cloud Integrated Storage Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-12457 HIGH PATCH This Week

An issue was discovered in wolfSSL before 4.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14215 HIGH This Week

Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-10124 HIGH This Week

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

RCE Authentication Bypass Aptra Xfs
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-5774 HIGH PATCH This Week

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Nessus
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-7310 MEDIUM This Month

Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Total Protection
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2020-10290 MEDIUM This Month

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Urx
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5416 MEDIUM This Month

Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nginx Cf Deployment Routing Release
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-8622 MEDIUM PATCH This Month

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bind Fedora Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
6.5
EPSS
5.5%
CVE-2020-24591 MEDIUM This Month

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-7923 MEDIUM PATCH This Month

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.4 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-9246 MEDIUM This Month

FusionCompute 8.0.0 has an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-15858 MEDIUM This Month

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Bgs5 Firmware Ehs5 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-12759 MEDIUM This Month

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9096 MEDIUM This Month

HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9095 MEDIUM This Month

HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3975 MEDIUM This Month

VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS VMware App Volumes
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14194 MEDIUM This Month

Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-9062 MEDIUM This Month

Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Probase
NVD
CVSS 3.1
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy