Skip to main content
CVE-2020-24955 HIGH POC This Week

SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Professional X
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-6152 HIGH POC This Week

A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Imagegear
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-8023 HIGH POC This Week

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Openldap2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-23971 HIGH POC This Week

gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gmapfp
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7669 HIGH POC PATCH This Week

This affects all versions of package github.com/u-root/u-root/pkg/tarutil. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal U Root
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-7666 HIGH POC PATCH This Week

This affects all versions of package github.com/u-root/u-root/pkg/cpio. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal U Root
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7665 HIGH POC PATCH This Week

This affects all versions of package github.com/u-root/u-root/pkg/uzip. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal U Root
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-7720 HIGH POC PATCH This Week

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Forge
NVD GitHub
CVSS 3.1
7.3
EPSS
3.2%
CVE-2020-23839 MEDIUM POC THREAT This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.5%
CVE-2020-23835 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tailor Management System
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-23831 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Stock Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6151 CRITICAL Act Now

A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-25069 CRITICAL Act Now

USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Usvn
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-15150 CRITICAL PATCH Act Now

There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Paginator
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-23450 MEDIUM POC This Month

Spiceworks Version <= 7.5.00107 is affected by XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-6874 CRITICAL Act Now

A ZTE product is impacted by the cryptographic issues vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxiptv Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2020-25070 HIGH This Week

USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Usvn
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-16208 HIGH This Week

The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-17405 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Symphony
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2241 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Database
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2240 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Database
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-25067 HIGH This Week

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R8300 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-24559 HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple Apex One Officescan +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24557 HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24556 HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Microsoft Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24554 HIGH PATCH This Week

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Open Redirect Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-24584 HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-24583 HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-14178 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-12776 HIGH This Week

Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail2000
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-24558 HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-2245 HIGH This Week

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Valgrind
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-8335 MEDIUM This Month

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Thinkpad A275 Firmware Thinkpad A285 Firmware Thinkpad A475 Firmware +5
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-2250 MEDIUM PATCH This Month

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Soapui Pro Functional Testing
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-2247 MEDIUM PATCH This Month

Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Klocwork Analysis
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2242 MEDIUM PATCH This Month

A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Database
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-2248 MEDIUM This Month

Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Jsgames
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-13946 MEDIUM PATCH This Month

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Cassandra Oncommand Insight
NVD
CVSS 3.1
5.9
EPSS
3.0%
CVE-2020-15704 MEDIUM This Month

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Debian Information Disclosure Ppp
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-2246 MEDIUM This Month

Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Valgrind
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2244 MEDIUM PATCH This Month

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Build Failure Analyzer
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2243 MEDIUM PATCH This Month

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Cadence Vmanager
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2238 MEDIUM PATCH This Month

Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Git Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-6873 MEDIUM This Month

A ZTE product has a DoS vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Zxr10 2800 4 Almpufb Low Firmware
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-2251 MEDIUM PATCH This Month

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Soapui Pro Functional Testing
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-2239 MEDIUM PATCH This Month

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Parameterized Remote Trigger
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-14514 MEDIUM This Month

All trailer Power Line Communications are affected. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Line Communications
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-2249 LOW Monitor

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Team Foundation Server
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-8341 LOW Monitor

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Thinkpad T490 20Nx Firmware Thinkpad T490 20Qx Firmware Thinkpad T490 20Rx Firmware +7
NVD
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy