Skip to main content
CVE-2020-24007 CRITICAL POC Act Now

Umanni RH 1.0 does not limit the number of authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Human Resources
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-17376 HIGH POC PATCH This Week

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Nova
NVD
CVSS 3.1
8.3
EPSS
1.7%
CVE-2020-11497 HIGH POC This Week

An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Nab Transact
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13410 HIGH POC PATCH This Week

An issue was discovered in MoscaJS Aedes 0.42.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Aedes
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-24315 HIGH POC This Week

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wordpress Poll
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-24312 HIGH POC THREAT This Week

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure File Manager
NVD
CVSS 3.1
7.5
EPSS
15.9%
CVE-2020-15483 MEDIUM POC This Month

An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass M1000 Multipara Patient Monitor Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-24656 MEDIUM POC This Month

Maltego before 4.2.12 allows XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Maltego
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2020-24316 MEDIUM POC This Month

WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admin Menu
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-24314 MEDIUM POC This Month

Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rss Feed Widget
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-24313 MEDIUM POC This Month

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Appointment Booking Scheduling
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-14498 CRITICAL Act Now

HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Ecatcher
NVD
CVSS 3.1
10.0
EPSS
2.9%
CVE-2020-24661 MEDIUM POC This Month

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Geary Fedora
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-15158 CRITICAL PATCH Act Now

In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-3446 CRITICAL Act Now

A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Encs 5406 W Firmware Encs 5408 W Firmware Encs 5412 W Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24653 CRITICAL PATCH Act Now

secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Expo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-23660 MEDIUM POC This Month

webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webtareas
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23659 MEDIUM POC This Month

WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Port
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-23658 MEDIUM POC This Month

PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23657 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23656 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23655 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23654 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-19007 MEDIUM POC This Month

Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-24548 MEDIUM POC This Month

Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Access Server
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-24008 MEDIUM POC This Month

Umanni RH 1.0 has a user enumeration vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Human Resources
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-12855 HIGH This Week

A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Neprofile
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-12456 HIGH This Week

A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Mivoice Connect Client
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-3507 HIGH This Week

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 8000P Ip Camera Firmware 8020 Ip Camera Firmware 8030 Ip Camera Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-3506 HIGH This Week

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 8000P Ip Camera Firmware 8020 Ip Camera Firmware 8030 Ip Camera Firmware +5
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-3443 HIGH This Week

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Smart Software Manager On Prem
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-5922 HIGH This Week

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-16251 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD GitHub
CVSS 3.1
8.2
EPSS
3.0%
CVE-2020-16250 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD GitHub
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-15156 HIGH PATCH This Week

In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

XSS CSRF Blog Comments
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-13863 HIGH This Week

The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Micollab
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-3519 HIGH This Week

A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Data Center Network Manager
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-15482 HIGH This Week

An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass M1000 Multipara Patient Monitor Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11797 HIGH This Week

An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Micollab Audio Web Video Conferencing
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13617 HIGH This Week

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 6863 Firmware 6865 Firmware 6867 Firmware 6869 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5926 HIGH This Week

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5925 HIGH This Week

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5921 HIGH This Week

in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5919 HIGH This Week

In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5918 HIGH This Week

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5914 HIGH This Week

In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15484 HIGH This Week

An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M1000 Multipara Patient Monitor Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-5913 HIGH This Week

In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-5912 HIGH This Week

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5916 MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
6.8
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy