Skip to main content
CVE-2020-23451 HIGH POC This Week

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation Spiceworks
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-25453 HIGH POC This Week

An issue was discovered in BlackCat CMS before 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Blackcat Cms
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
6.3%
CVE-2020-24925 HIGH POC This Week

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Elkarbackup
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15172 HIGH PATCH This Week

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Fluffycogs
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-4521 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Maximo Asset Management
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2020-4703 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2020-14362 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14361 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14346 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server Ubuntu Linux Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14345 HIGH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation X Server Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-16096 HIGH This Week

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2020-16101 HIGH This Week

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Command Centre
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-16100 HIGH This Week

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Command Centre
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-11977 HIGH PATCH This Week

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Syncope
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-8342 HIGH PATCH This Week

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Rated high severity (CVSS 7.0).

Lenovo Privilege Escalation System Update
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy