Skip to main content
CVE-2020-12282 HIGH POC This Week

iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF PHP Ismartgate Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-24365 HIGH POC THREAT This Week

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wrtm 127Acn Firmware Wrtm 127X9 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.4%
CVE-2020-15222 HIGH POC PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fosite
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-13119 HIGH POC This Week

ismartgate PRO 1.5.9 is vulnerable to clickjacking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ismartgate Pro Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-15850 HIGH POC This Week

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Backup Replication Director
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13991 HIGH POC This Week

vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12837 HIGH POC This Week

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15843 HIGH POC This Week

ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\,. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Actfax
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-16148 HIGH POC This Week

The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Accesslog Firmware Educ Box Firmware Git Box Firmware
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-3425 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3400 HIGH This Week

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-3141 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-12817 HIGH This Week

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortitester
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-3560 HIGH This Week

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Wireless Lan Controller Software Business Access Points +2
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3559 HIGH This Week

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Business Access Points Access Points +1
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3527 HIGH This Week

A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3526 HIGH This Week

A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3510 HIGH This Week

A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3509 HIGH This Week

A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3492 HIGH This Week

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3480 HIGH This Week

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3414 HIGH This Week

A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-3408 HIGH This Week

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-3407 HIGH This Week

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Null Pointer Dereference Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-3399 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3359 HIGH This Week

A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-3475 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Denial Of Service Apple iOS
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-3474 HIGH This Week

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-15223 HIGH PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Fosite
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2020-17365 HIGH This Week

Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Hotspot Shield
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8333 HIGH PATCH This Week

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Lenovo 63 Firmware H50 30G Firmware M4500 Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3404 HIGH This Week

A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3403 HIGH This Week

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Apple Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3393 HIGH This Week

A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Docker Apple Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-19447 HIGH This Week

SQL injection exists in the jdownloads 3.2.63 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Jdownloads
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-3479 HIGH This Week

A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-3422 HIGH This Week

A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-3421 HIGH This Week

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-24560 HIGH This Week

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus 2019 Internet Security 2019 Maximum Security 2019 +2
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-15604 HIGH This Week

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus 2019 Internet Security 2019 Maximum Security 2019 +2
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-3552 HIGH This Week

A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Null Pointer Dereference Denial Of Service Wireless Lan Controller Business Access Points +2
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-3512 HIGH This Week

A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2020-3511 HIGH This Week

A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2020-3508 HIGH This Week

A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP). Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2020-3497 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-3494 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2020-3493 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-3489 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-3488 HIGH This Week

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-3409 HIGH This Week

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy