Skip to main content
CVE-2020-15195 HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-25136 HIGH POC This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-24621 HIGH POC PATCH This Week

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Htmlformentry
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-23837 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Multi User
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-15212 HIGH POC PATCH This Week

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2020-24718 HIGH POC This Week

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Intel Authentication Bypass Freebsd Omnios Openindiana +1
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-15214 HIGH POC PATCH This Week

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-15206 HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15203 HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15193 HIGH POC PATCH This Week

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Python Tensorflow Leap
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-25149 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25145 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25144 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25143 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-25134 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-25133 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-15369 HIGH This Week

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25748 HIGH This Week

A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rv 3406 Firmware Rv 3409 Firmware Rv 3411 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-19455 HIGH This Week

SQL injection exists in the jdownloads 3.2.63 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Jdownloads
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-19451 HIGH This Week

SQL injection exists in the jdownloads 3.2.63 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Jdownloads
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-19450 HIGH This Week

SQL injection exists in the jdownloads 3.2.63 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Jdownloads
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5930 HIGH This Week

In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +10
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-26112 HIGH This Week

The email quota cache in cPanel before 90.0.10 allows overwriting of files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-26109 HIGH This Week

cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-26107 HIGH This Week

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26106 HIGH This Week

cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26104 HIGH This Week

In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26103 HIGH This Week

In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26102 HIGH This Week

In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26099 HIGH This Week

cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13387 HIGH This Week

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-12824 HIGH This Week

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-24593 HIGH This Week

Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Micloud Management Portal
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-24692 HIGH This Week

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

XSS Micontact Center Business
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy