Skip to main content
CVE-2020-11698 CRITICAL POC THREAT Emergency

An issue was discovered in Titan SpamTitan 7.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
73.7%
CVE-2020-25489 CRITICAL POC PATCH Act Now

A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Python Python Mini Racer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-24753 CRITICAL POC PATCH Act Now

A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Objective Open Cbor Run Time
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-15182 CRITICAL POC PATCH Act Now

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE CSRF Path Traversal Soy Cms Soy Inquiry
NVD GitHub
CVSS 3.1
9.6
EPSS
1.2%
CVE-2020-8028 CRITICAL POC Act Now

A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Salt Netapi Client
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2020-25728 HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Reset Password
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-11804 HIGH POC This Week

An issue was discovered in Titan SpamTitan 7.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.1%
CVE-2020-11803 HIGH POC This Week

An issue was discovered in Titan SpamTitan 7.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.5%
CVE-2020-11699 HIGH POC This Week

An issue was discovered in Titan SpamTitan 7.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
9.6%
CVE-2020-6116 HIGH POC THREAT This Week

An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
28.4%
CVE-2020-6115 HIGH POC This Week

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-6113 HIGH POC THREAT This Week

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
68.6%
CVE-2020-6112 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
17.1%
CVE-2020-25727 HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reset Password
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-25490 HIGH POC This Week

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Code Injection PHP Php Microagent
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2020-24046 HIGH POC This Week

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Spamtitan
NVD GitHub
CVSS 3.1
7.2
EPSS
3.4%
CVE-2020-24045 HIGH POC This Week

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass VMware Spamtitan
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-11700 MEDIUM POC This Month

An issue was discovered in Titan SpamTitan 7.07. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Spamtitan
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
7.1%
CVE-2020-13260 MEDIUM POC This Month

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secflow 1V Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-0333 CRITICAL Act Now

In UrlQuerySanitizer, there is a possible improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-25216 CRITICAL Act Now

yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Yed
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-25215 CRITICAL Act Now

yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Yed
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-0380 CRITICAL PATCH Act Now

In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-0342 CRITICAL Act Now

There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812576. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-0278 CRITICAL Act Now

There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812574. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-0229 CRITICAL Act Now

There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-0123 CRITICAL Act Now

There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-149871374. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-0293 MEDIUM POC This Month

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Java Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-14181 MEDIUM POC THREAT This Month

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Data Center Jira Jira Server
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
99.6%
CVE-2020-13169 CRITICAL Act Now

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Orion Platform
NVD
CVSS 3.1
9.0
EPSS
2.2%
CVE-2020-0321 HIGH This Week

In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0303 HIGH This Week

In the Media extractor, there is a possible use after free due to improper locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Google Use After Free +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-0264 HIGH This Week

In libstagefright, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-15183 MEDIUM POC PATCH This Month

SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE Soycms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-0245 HIGH PATCH This Week

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption Information Disclosure Android
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-13948 HIGH PATCH This Week

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Information Disclosure Superset
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-24750 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Agile Plm Application Testing Suite Autovue For Agile Product Lifecycle Management +22
NVD GitHub
CVSS 3.1
8.1
EPSS
7.3%
CVE-2020-0406 HIGH This Week

In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0375 HIGH This Week

In Telephony, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0374 HIGH This Week

In NFC, there is a possible permission bypass due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0369 HIGH This Week

In libavb, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0366 HIGH This Week

In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0360 HIGH This Week

In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0357 HIGH This Week

In SurfaceFlinger, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0346 HIGH This Week

In Mediaserver, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0345 HIGH This Week

In DocumentsUI, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0341 HIGH This Week

In DisplayManager, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0306 HIGH This Week

In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0277 HIGH This Week

In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0275 HIGH This Week

In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy