Skip to main content
CVE-2020-24354 HIGH POC This Week

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Vmg5313 B30B Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-24363 HIGH POC KEV THREAT This Week

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Tl Wa855Re Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
20.7%
CVE-2020-11618 HIGH POC This Week

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tht741Fta Firmware Dtr3502Bfta Dvb T2 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25031 HIGH POC This Week

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Checkinstall
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-20625 HIGH POC This Week

Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress SQLi PHP Sliced Invoices
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-7526 HIGH This Week

Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Powerchute
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-13593 HIGH This Week

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Simplelink Cc2640R2 Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-25060 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-7527 HIGH This Week

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Somove
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7523 HIGH This Week

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus. Rated high severity (CVSS 7.8). No vendor patch available.

Schneider Electric Privilege Escalation Modbus Driver Suite Modbus Serial Driver
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-25065 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-25064 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-25063 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25059 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25056 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25051 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25050 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2075 HIGH This Week

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x - CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lms111 Firmware Lms511 Firmware Clv620 Firmware Clv622 Firmware +26
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7525 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spacelynk Firmware Wiser For Knx Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7524 HIGH This Week

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Denial Of Service Memory Corruption Modicon M218 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15687 HIGH This Week

Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Acrn
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-25032 HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal Flask Cors Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy