Skip to main content
CVE-2020-15160 CRITICAL POC PATCH THREAT Act Now

PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Prestashop
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.8%
CVE-2020-15851 CRITICAL POC Act Now

Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Backup Replication Transporter
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12843 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12842 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12839 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12838 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-13505 CRITICAL POC Act Now

Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13504 CRITICAL POC Act Now

Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13501 CRITICAL POC Act Now

An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13500 CRITICAL POC Act Now

SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13499 CRITICAL POC Act Now

An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Edna Enterprise Data Historian
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-16147 CRITICAL POC Act Now

The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Accesslog Firmware Educ Box Firmware Git Box Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-12282 HIGH POC This Week

iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-24365 HIGH POC THREAT This Week

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wrtm 127Acn Firmware Wrtm 127X9 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.4%
CVE-2020-15222 HIGH POC PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fosite
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-13119 HIGH POC This Week

ismartgate PRO 1.5.9 is vulnerable to clickjacking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ismartgate Pro Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-15850 HIGH POC This Week

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Backup Replication Director
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13991 HIGH POC This Week

vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12837 HIGH POC This Week

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15843 HIGH POC This Week

ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\,. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Actfax
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-16148 HIGH POC This Week

The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Accesslog Firmware Educ Box Firmware Git Box Firmware
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-12841 MEDIUM POC This Month

ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12840 MEDIUM POC This Month

ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12281 MEDIUM POC This Month

iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12280 MEDIUM POC This Month

iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-15930 MEDIUM POC PATCH This Month

An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Joplin
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.4%
CVE-2020-15162 MEDIUM POC PATCH This Month

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Prestashop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-3426 CRITICAL Act Now

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Apple Cisco Information Disclosure +1
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2020-3425 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3400 HIGH This Week

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-3141 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-12817 HIGH This Week

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortitester
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-3560 HIGH This Week

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Wireless Lan Controller Software Business Access Points +2
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3559 HIGH This Week

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Business Access Points Access Points +1
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3527 HIGH This Week

A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3526 HIGH This Week

A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3510 HIGH This Week

A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3509 HIGH This Week

A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3492 HIGH This Week

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3480 HIGH This Week

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3414 HIGH This Week

A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-3408 HIGH This Week

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-3407 HIGH This Week

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Null Pointer Dereference Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-3399 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3359 HIGH This Week

A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-3475 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Denial Of Service Apple iOS
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-3474 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-15223 HIGH PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Fosite
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2020-17365 HIGH This Week

Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Hotspot Shield
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8333 HIGH PATCH This Week

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Lenovo 63 Firmware H50 30G Firmware M4500 Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy