Skip to main content
CVE-2020-16875 HIGH POC PATCH THREAT Act Now

<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.4
EPSS
47.1%
CVE-2020-23824 HIGH POC This Week

ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-14363 HIGH POC This Week

An integer overflow vulnerability leading to a double-free was found in libX11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Libx11 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-11991 HIGH POC THREAT This Week

When using the StreamGenerator, the code parse a user-provided XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cocoon
NVD
CVSS 3.1
7.5
EPSS
72.5%
CVE-2020-1595 CRITICAL PATCH Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
9.9
EPSS
2.0%
CVE-2020-1210 CRITICAL PATCH Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2020-25283 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-25282 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 10 software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-25279 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-25278 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-14100 CRITICAL Act Now

In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection R3600 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-14096 CRITICAL Act Now

Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xiaomi Ai Speaker Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-25260 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Onbase
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-25259 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Onbase
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-25258 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Onbase
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-25257 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Onbase
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-25254 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Onbase
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-25253 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Onbase
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-14330 MEDIUM POC PATCH This Month

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Engine Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-25256 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Onbase
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2020-25251 CRITICAL Act Now

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Onbase
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2020-1523 HIGH PATCH This Week

<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
8.9
EPSS
2.2%
CVE-2020-1129 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-1012 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Internet Explorer
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-0922 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-0761 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-0718 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-16222 HIGH This Week

In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Patient Information Center Ix Performancebridge Focal Point
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-25252 HIGH This Week

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Onbase
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-1460 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
3.7%
CVE-2020-1453 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2020-1452 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2020-1200 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-1576 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.5
EPSS
1.6%
CVE-2020-1285 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.4
EPSS
3.8%
CVE-2020-1507 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.9
EPSS
2.7%
CVE-2020-1594 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1559 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1532 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1491 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1376 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1338 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +1
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1335 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +3
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1332 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1252 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when Windows improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2020-1218 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-1193 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-1169 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-1115 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-1098 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10
NVD
CVSS 3.1
7.8
EPSS
0.9%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy