Skip to main content
CVE-2020-14209 HIGH POC PATCH THREAT This Week

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Dolibarr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
27.5%
CVE-2020-25079 HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection D-Link Dcs 4703E Firmware Dcs 4705E Firmware Dcs 4802E Firmware +6
NVD
CVSS 3.1
8.8
EPSS
52.7%
CVE-2020-15167 HIGH POC This Week

In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc`. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Miller
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2020-16602 HIGH POC This Week

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Chroma Sdk
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
6.0%
CVE-2020-25078 HIGH POC KEV PATCH THREAT This Week

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

D-Link Information Disclosure Dcs 4603 Firmware Dcs 4622 Firmware Dcs 4701E Firmware +6
NVD
CVSS 3.1
7.5
EPSS
97.9%
CVE-2020-23830 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Stock Management System
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-5369 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell Emc Isilon Onefs Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15094 HIGH PATCH This Week

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Httpclient Symfony Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-24028 HIGH This Week

ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Qualiex
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-7830 HIGH This Week

RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Raon Kupload
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-25045 HIGH This Week

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Center Security Center Web Console
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5386 HIGH This Week

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Elastic Cloud Storage
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5779 HIGH This Week

A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trading Technologies Messaging
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5778 HIGH This Week

A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trading Technologies Messaging
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5622 HIGH This Week

Shadankun Server Security Type (excluding normal blocking method types) Ver.1.5.3 and earlier allows remote attackers to cause a denial of service which may result in not being able to add newly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Server Security Type
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25044 HIGH This Week

Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virus Removal Tool
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-25043 HIGH This Week

The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vpn Secure Connection
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy