Skip to main content
CVE-2020-23834 HIGH POC This Week

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Barracudadrive
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24659 HIGH POC This Week

An issue was discovered in GnuTLS before 3.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls Fedora Leap +1
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-24986 HIGH POC This Week

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-14008 HIGH POC THREAT This Week

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho RCE Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
35.8%
CVE-2020-12248 HIGH This Week

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3495 HIGH This Week

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Jabber
NVD
CVSS 3.1
8.8
EPSS
62.1%
CVE-2020-3430 HIGH This Week

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Cisco Command Injection Jabber
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-3530 HIGH This Week

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xr
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2020-11493 HIGH This Week

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-3478 HIGH This Week

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-4545 HIGH This Week

IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE IBM Aspera Connect
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-3473 HIGH This Week

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24941 HIGH PATCH This Week

An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Laravel
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-24940 HIGH PATCH This Week

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Laravel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12247 HIGH This Week

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.1
EPSS
3.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy