Skip to main content
CVE-2020-13802 CRITICAL POC Act Now

Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rebar3
NVD GitHub
CVSS 3.1
9.8
EPSS
6.8%
CVE-2020-24355 CRITICAL POC Act Now

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Vmg5313 B30B Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-14209 HIGH POC PATCH THREAT This Week

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Dolibarr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
27.5%
CVE-2020-25079 HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection D-Link Dcs 4703E Firmware Dcs 4705E Firmware Dcs 4802E Firmware +6
NVD
CVSS 3.1
8.8
EPSS
52.7%
CVE-2020-15167 HIGH POC This Week

In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc`. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Miller
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2020-16602 HIGH POC This Week

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Chroma Sdk
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
6.0%
CVE-2020-25078 HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dcs 4603 Firmware Dcs 4622 Firmware Dcs 4701E Firmware +6
NVD
CVSS 3.1
7.5
EPSS
97.9%
CVE-2020-23830 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Stock Management System
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-24553 MEDIUM POC PATCH This Month

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Go Fedora Leap Communications Cloud Native Core Policy
NVD
CVSS 3.1
6.1
EPSS
3.6%
CVE-2020-24604 MEDIUM POC This Month

A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-24602 MEDIUM POC This Month

Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName",. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-24601 MEDIUM POC This Month

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-4693 CRITICAL Act Now

IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE IBM Spectrum Protect Operations Center
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-24030 CRITICAL Act Now

ForLogic Qualiex v1 and v3 has weak token expiration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Qualiex
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-24029 CRITICAL Act Now

Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qualiex
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-25073 MEDIUM POC This Month

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Freedombox
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-5369 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell Emc Isilon Onefs Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15094 HIGH PATCH This Week

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Httpclient Symfony Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-24028 HIGH This Week

ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Qualiex
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-7830 HIGH This Week

RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Raon Kupload
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-25045 HIGH This Week

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Center Security Center Web Console
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5386 HIGH This Week

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Elastic Cloud Storage
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5779 HIGH This Week

A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trading Technologies Messaging
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5778 HIGH This Week

A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trading Technologies Messaging
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5622 HIGH This Week

Shadankun Server Security Type (excluding normal blocking method types) Ver.1.5.3 and earlier allows remote attackers to cause a denial of service which may result in not being able to add newly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Server Security Type
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25044 HIGH This Week

Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virus Removal Tool
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-25043 HIGH This Week

The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vpn Secure Connection
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5379 MEDIUM This Month

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dell Inspiron 7352 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5378 MEDIUM This Month

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE G7 17 7790 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5376 MEDIUM This Month

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE Inspiron 7347 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-15811 MEDIUM PATCH This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Squid Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
4.2%
CVE-2020-15810 MEDIUM This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Squid Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-12621 MEDIUM This Month

The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Teamwire
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-16150 MEDIUM This Month

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mbed Tls Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8576 MEDIUM This Month

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4546 MEDIUM This Month

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Doors Next Engineering Requirements Management Doors Next Engineering Test Management +7
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4522 MEDIUM This Month

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Doors Next Engineering Requirements Management Doors Next Engineering Test Management +7
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4445 MEDIUM This Month

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Doors Next Engineering Requirements Management Doors Next Engineering Test Management +7
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-17458 MEDIUM This Month

A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Multiux
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25026 MEDIUM PATCH This Month

The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Event Management And Registration
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-25025 MEDIUM PATCH This Month

The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Information Disclosure Localization Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-24654 LOW PATCH Monitor

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ark Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
3.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy