Skip to main content
CVE-2020-15148 CRITICAL POC PATCH THREAT Act Now

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Yii
NVD GitHub
CVSS 3.1
10.0
EPSS
78.8%
CVE-2020-23833 CRITICAL POC Act Now

Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PHP House Rental
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-23828 CRITICAL POC Act Now

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Course Registration
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-23512 CRITICAL POC Act Now

VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass P1 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-23451 HIGH POC This Week

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation Spiceworks
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-25453 HIGH POC This Week

An issue was discovered in BlackCat CMS before 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Blackcat Cms
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
6.3%
CVE-2020-24925 HIGH POC This Week

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Elkarbackup
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-14331 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2020-10759 MEDIUM POC This Month

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Red Hat Enterprise Linux
NVD GitHub
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-16098 CRITICAL Act Now

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-24924 MEDIUM POC This Month

A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Elkarbackup
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-15178 CRITICAL PATCH Act Now

In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Contactform
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2020-24561 CRITICAL Act Now

A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection Serverprotect
NVD
CVSS 3.1
9.1
EPSS
5.2%
CVE-2020-7293 CRITICAL Act Now

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2020-15179 CRITICAL PATCH Act Now

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Scratchsig
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-15172 HIGH PATCH This Week

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Fluffycogs
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-4521 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Maximo Asset Management
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2020-4703 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2020-14362 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14361 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14346 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server Ubuntu Linux Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14345 HIGH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation X Server Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-16096 HIGH This Week

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2020-16101 HIGH This Week

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Command Centre
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-16100 HIGH This Week

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Command Centre
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-11977 HIGH PATCH This Week

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Syncope
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-8342 HIGH PATCH This Week

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Rated high severity (CVSS 7.0).

Lenovo Privilege Escalation System Update
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-4711 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-13303 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-8927 MEDIUM PATCH This Month

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Brotli Debian Linux Fedora Ubuntu Linux +6
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2020-8340 MEDIUM This Month

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo IBM Integrated Management Module 2
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-8339 MEDIUM This Month

A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bladecenter Advanced Management Module Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7296 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2020-10767 MEDIUM PATCH This Month

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10766 MEDIUM PATCH This Month

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-14385 MEDIUM PATCH This Month

A flaw was found in the Linux kernel before 5.9-rc4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14314 MEDIUM PATCH This Month

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8346 MEDIUM This Month

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Lenovo Privilege Escalation System Interface Foundation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9416 MEDIUM This Month

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Spotfire Analyst Spotfire Analytics Platform Spotfire Desktop Spotfire Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25071 MEDIUM This Month

Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nifty
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4530 MEDIUM PATCH This Month

IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-13307 MEDIUM PATCH This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
1.0%
CVE-2020-7295 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-7294 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-16097 MEDIUM This Month

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-14304 MEDIUM This Month

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-4526 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Maximo Asset Management
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-16099 MEDIUM This Month

In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-4344 LOW PATCH Monitor

IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Tivoli Business Service Manager
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-13308 LOW Monitor

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy