Skip to main content
CVE-2020-25751 HIGH POC This Week

The paGO Commerce plugin 2.5.9.0 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pago Commerce
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-15958 HIGH POC This Week

An issue was discovered in 1CRM System through 8.6.7. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 1Crm
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2020-25744 HIGH POC This Week

SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Safervpn
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-8237 HIGH POC PATCH This Week

Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Denial Of Service Json Bigint
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-14029 HIGH POC This Week

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-25750 HIGH POC PATCH This Week

An issue was discovered in DotPlant2 before 2020-09-14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Dotplant2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-15189 HIGH POC PATCH This Week

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload RCE Soy Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-8247 HIGH This Week

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Application Delivery Controller Firmware Gateway Netscaler Gateway +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15776 HIGH This Week

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Enterprise
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-8252 HIGH This Week

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Node.js Node Js Leap Fedora
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-11861 HIGH This Week

Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Operations Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3979 HIGH This Week

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Installbuilder
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0405 HIGH This Week

In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0319 HIGH This Week

In NFC, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0299 HIGH This Week

In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0298 HIGH This Week

In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0273 HIGH This Week

In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0262 HIGH This Week

In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0089 HIGH This Week

In the audio server, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-25766 HIGH PATCH This Week

An issue was discovered in MISP before 2.4.132. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8253 HIGH PATCH This Week

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Authentication Bypass Xenmobile Server
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8251 HIGH This Week

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Node Js Fedora
NVD
CVSS 3.1
7.5
EPSS
8.8%
CVE-2020-8246 HIGH This Week

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware Gateway Netscaler Gateway +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-8225 HIGH This Week

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Desktop
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-0300 HIGH This Week

In NFC, there is a possible out of bounds read due to uninitialized data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-0286 HIGH This Week

In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-5976 HIGH This Week

NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Nvidia Google Information Disclosure +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5975 HIGH This Week

NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Nvidia Microsoft Information Disclosure Geforce Now
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-15775 HIGH This Week

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-15771 HIGH This Week

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Enterprise Cache Node
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15768 HIGH This Week

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Enterprise Cache Node
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-25733 HIGH This Week

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Webtareas
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-8201 HIGH This Week

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Node.js Request Smuggling Information Disclosure Node Js Leap +1
NVD
CVSS 3.1
7.4
EPSS
5.1%
CVE-2020-0271 HIGH This Week

In the Settings app, there is an insecure default value. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2020-16247 HIGH This Week

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clinical Collaboration Platform
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-9745 HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2020-9744 HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2020-9739 HIGH This Week

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
7.1
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy