Skip to main content
CVE-2020-25826 HIGH POC This Week

PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24213 HIGH POC This Week

An integer overflow was discovered in YGOPro ygocore v13.51. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Ygocore
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25821 HIGH POC This Week

peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Peg Markdown
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-2280 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Jenkins Warnings
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-3135 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Communications Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-3569 HIGH KEV THREAT This Week

Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
8.6
EPSS
3.3%
CVE-2020-25603 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25595 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Xen Fedora Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-11031 HIGH PATCH This Week

In GLPI before version 9.5.0, the encryption algorithm used is insecure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-7122 HIGH This Week

Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Denial Of Service Buffer Overflow Memory Corruption Cisco +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-7121 HIGH This Week

Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Aruba Cx 6200F Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-24625 HIGH This Week

Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Utility Computing Service Meter
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-24624 HIGH This Week

Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Utility Computing Service Meter
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10714 HIGH PATCH This Week

A flaw was found in WildFly Elytron version 1.11.3.Final and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Wildfly Elytron Codeready Studio Descision Manager +3
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3133 HIGH This Week

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-16244 HIGH This Week

GE Digital APM Classic, Versions 4.4 and prior. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Asset Performance Management Classic
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2020-3143 HIGH This Week

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ex60 Firmware Ex90 Firmware Sx10 Firmware +18
NVD
CVSS 3.1
7.2
EPSS
8.5%
CVE-2020-2284 HIGH PATCH This Week

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Liquibase Runner
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-14365 HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine Ansible Tower Ceph Storage +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-25599 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy