Skip to main content
CVE-2020-26124 HIGH POC PATCH THREAT Act Now

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection PHP Openmediavault
NVD GitHub
CVSS 3.1
8.8
EPSS
67.2%
CVE-2020-17382 HIGH POC This Week

The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ambientlink Mslo64 Firmware
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-14293 HIGH POC This Week

conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Domos
NVD GitHub
CVSS 3.1
7.5
EPSS
5.3%
CVE-2020-12127 HIGH POC This Week

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Wn530H4 Firmware
NVD
CVSS 3.1
7.5
EPSS
7.4%
CVE-2020-18184 HIGH POC This Week

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Pluxxml
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-24628 HIGH This Week

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Kvm Ip Console Switch G2 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-7738 HIGH This Week

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad(). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Shiba
NVD
CVSS 3.1
8.3
EPSS
1.6%
CVE-2020-15589 HIGH This Week

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zoho RCE Manageengine Desktop Central Manageengine Remote Access Plus
NVD
CVSS 3.1
8.1
EPSS
8.3%
CVE-2020-24696 HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Authoritative
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-12123 HIGH This Week

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wn530H4 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-25776 HIGH This Week

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-5987 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5984 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Nvidia Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5981 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Buffer Overflow Memory Corruption RCE +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5980 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Microsoft Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5979 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nvidia Microsoft Virtual Gpu Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24356 HIGH PATCH This Week

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cloudflared
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-26538 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-25623 HIGH This Week

Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Erlang Otp
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-8110 HIGH This Week

A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Engines
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-24697 HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-26540 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Apple Foxit Reader Phantompdf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-26511 HIGH PATCH This Week

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

WordPress Authentication Bypass Wordpress Azure Ad Microsoft Office 365
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-24397 HIGH This Week

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE Integer Overflow Manageengine Desktop Central
NVD
CVSS 3.1
7.2
EPSS
27.8%
CVE-2020-5988 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5985 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5983 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy