Skip to main content
CVE-2020-25213 CRITICAL POC KEV PATCH THREAT Act Now

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload WordPress PHP File Manager
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.3%
CVE-2020-2038 HIGH POC THREAT Act Now

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Paloalto Command Injection Pan Os
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
86.1%
CVE-2020-24916 CRITICAL POC PATCH THREAT Act Now

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
17.4%
CVE-2020-24379 CRITICAL POC PATCH Act Now

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-24199 CRITICAL POC Act Now

Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Car Rental Project
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-24197 CRITICAL POC Act Now

A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24074 CRITICAL POC PATCH Act Now

The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Silk V3 Decoder
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-13127 HIGH POC This Week

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Queuemetrics
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-2036 HIGH POC THREAT This Week

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-25219 HIGH POC This Week

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libproxy Debian Linux Fedora Leap +1
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-6318 HIGH POC This Week

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection SAP Abap Platform
NVD
CVSS 3.1
7.2
EPSS
5.6%
CVE-2020-14342 HIGH POC PATCH This Week

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Cifs Utils Fedora Leap
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2020-24194 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Daily Tracker System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-24198 MEDIUM POC This Month

A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Stock Management System
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-25211 MEDIUM POC This Month

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-15786 CRITICAL Act Now

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Basic Panels 2Nd Generation Firmware Simatic Hmi Comfort Panels Firmware Simatic Hmi Mobile Panels Firmware Simatic Hmi United Comfort Panels Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-15173 CRITICAL PATCH Act Now

In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Accel Ppp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15903 CRITICAL Act Now

An issue was found in Nagios XI before 5.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-15787 CRITICAL Act Now

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi United Comfort Panels Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-2040 CRITICAL Act Now

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-11986 CRITICAL Act Now

To be able to analyze gradle projects, the build scripts need to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Netbeans
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-14292 MEDIUM POC This Month

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Covidsafe
NVD GitHub
CVSS 3.1
5.7
EPSS
1.3%
CVE-2020-24195 CRITICAL Act Now

An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Online Bike Rental
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2020-3634 CRITICAL Act Now

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8053 Firmware Apq8096Au Firmware +48
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-7319 HIGH This Week

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-15163 HIGH PATCH This Week

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass The Update Framework
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-1913 HIGH PATCH This Week

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Hermes
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-1912 HIGH PATCH This Week

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2020-15789 HIGH This Week

A vulnerability has been identified in Polarion Subversion Webclient (All versions). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Polarion Subversion Webclient
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-6320 HIGH This Week

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Marketing
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-6302 HIGH This Week

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP Session Fixation Information Disclosure Commerce
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-10056 HIGH This Week

A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation License Management Utility
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10051 HIGH This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Simatic Rtls Locating Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10050 HIGH This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Simatic Rtls Locating Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7325 HIGH This Week

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mvision Endpoint
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3656 HIGH PATCH This Week

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Kamorta Firmware Mdm9607 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11129 HIGH This Week

u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Information Disclosure Bitra Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11124 HIGH PATCH This Week

u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Memory Corruption Information Disclosure Mdm9607 Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7068 LOW POC PATCH Monitor

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which. Rated low severity (CVSS 3.6). Public exploit code available.

Information Disclosure Use After Free Memory Corruption PHP Debian Linux +1
NVD
CVSS 3.1
3.6
EPSS
1.7%
CVE-2020-2041 HIGH This Week

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-24566 HIGH This Week

In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-1749 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Enterprise Linux Enterprise Mrg
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14384 HIGH This Week

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Jboss Enterprise Application Platform Jbossweb
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11135 HIGH This Week

u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8098 Firmware Kamorta Firmware Msm8917 Firmware +24
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-10049 HIGH This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Simatic Rtls Locating Manager
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2020-7320 HIGH This Week

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2020-2042 HIGH This Week

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-2037 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
3.6%
CVE-2020-3617 HIGH This Week

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Kamorta Firmware Nicobar Firmware Qcs605 Firmware +13
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-25212 HIGH PATCH This Week

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in. Rated high severity (CVSS 7.0).

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy