Skip to main content
CVE-2020-24115 CRITICAL POC Act Now

In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Book Store
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-24354 HIGH POC This Week

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Vmg5313 B30B Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-24363 HIGH POC KEV THREAT This Week

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Tl Wa855Re Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
20.7%
CVE-2020-11618 HIGH POC This Week

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tht741Fta Firmware Dtr3502Bfta Dvb T2 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25031 HIGH POC This Week

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Checkinstall
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-20625 HIGH POC This Week

Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress SQLi PHP Sliced Invoices
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-13471 MEDIUM POC This Month

Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apm32F103 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-13468 MEDIUM POC This Month

Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gd32F130 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-13465 MEDIUM POC This Month

The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gd32F103 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-20628 MEDIUM POC This Month

controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wp Gdpr
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-24699 MEDIUM POC This Month

The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Chamber Dashboard Business Directory
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-13655 MEDIUM POC This Month

An issue was discovered in Collabtive 3.0 and later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Collabtive
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11617 MEDIUM POC This Month

The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Tht741Fta Firmware Dtr3502Bfta Dvb T2 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-25062 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 9 and 10 software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-25061 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-25058 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-25057 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 10 software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-25055 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-25053 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-25052 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Samsung RCE +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-25049 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-7522 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apc Easy Ups Online Software
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7521 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apc Easy Ups Online Software
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-24786 CRITICAL Act Now

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Zoho Microsoft Authentication Bypass Manageengine Adselfservice Plus +10
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2020-12645 CRITICAL Act Now

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-20626 MEDIUM POC This Month

lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google WordPress PHP Lara S Google Analytics
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-20627 MEDIUM POC This Month

The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP Givewp
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-25054 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Exynos
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2020-7526 HIGH This Week

Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Powerchute
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-13593 HIGH This Week

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simplelink Cc2640R2 Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-13472 MEDIUM POC This Month

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gd32F103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-13470 MEDIUM POC This Month

Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gd32F103 Firmware Gd32F130 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-13469 MEDIUM POC This Month

The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gd32Vf103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-25060 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-7527 HIGH This Week

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Somove
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7523 HIGH This Week

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus. Rated high severity (CVSS 7.8). No vendor patch available.

Schneider Electric Privilege Escalation Modbus Driver Suite Modbus Serial Driver
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-25065 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-25064 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-25063 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25059 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25056 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25051 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25050 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2075 HIGH This Week

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x - CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lms111 Firmware Lms511 Firmware Clv620 Firmware Clv622 Firmware +26
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7525 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spacelynk Firmware Wiser For Knx Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7524 HIGH This Week

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Denial Of Service Memory Corruption Modicon M218 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15687 HIGH This Week

Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Acrn
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-25032 HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal Flask Cors Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-13466 MEDIUM This Month

STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stm32F103 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5419 MEDIUM This Month

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Rabbitmq Server Rabbitmq
NVD
CVSS 3.1
6.7
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy