Skip to main content
CVE-2020-7465 CRITICAL POC PATCH Act Now

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Memory Corruption Mpd +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-24218 CRITICAL POC Act Now

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-24217 CRITICAL POC THREAT Act Now

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Authentication Bypass Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware +5
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
40.3%
CVE-2020-24215 CRITICAL POC THREAT Act Now

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware H 264 Iptv Encoder 1080P 60Hz Firmware +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
19.8%
CVE-2020-24214 CRITICAL POC THREAT Act Now

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware H 264 Iptv Encoder 1080P 60Hz Firmware Vecaster Hd H264 Firmware +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
35.4%
CVE-2020-26574 CRITICAL POC Act Now

Leostream Connection Broker 8.2.x is affected by stored XSS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connection Broker
NVD
CVSS 3.1
9.6
EPSS
2.1%
CVE-2020-13343 HIGH POC This Week

An issue has been discovered in GitLab affecting all versions starting from 11.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26582 HIGH POC PATCH This Week

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection D-Link Dap 1360U Firmware
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2020-7739 HIGH POC PATCH This Week

This affects all versions of package phantomjs-seo. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Phantomjs Seo
NVD GitHub
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-25866 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Wireshark Fedora Leap +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-25863 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2020-25862 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-7466 HIGH POC PATCH This Week

The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Mpd Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-24219 HIGH POC THREAT This Week

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
23.6%
CVE-2020-24216 HIGH POC This Week

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware H 264 Iptv Encoder 1080P 60Hz Firmware Vecaster Hd H264 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-15598 HIGH POC This Week

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Modsecurity Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-25987 HIGH POC This Week

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monocms
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-25986 MEDIUM POC This Month

A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Monocms
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-23832 MEDIUM POC This Month

A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Car Rental Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-7741 CRITICAL PATCH Act Now

This affects the package hellojs before 1.18.6. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hello Js
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2020-26607 CRITICAL Act Now

An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-1907 CRITICAL Act Now

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Google +2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-8782 CRITICAL Act Now

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aleos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-13345 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 10.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-16267 HIGH This Week

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho SQLi Manageengine Applications Manager
NVD
CVSS 3.1
8.8
EPSS
43.3%
CVE-2020-15927 HIGH This Week

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho SQLi SAP Manageengine Applications Manager
NVD
CVSS 3.1
8.8
EPSS
40.3%
CVE-2020-5634 HIGH This Week

ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrc 2533Gst2 Firmware Wrc 1900Gst2 Firmware Wrc 1750Gst2 Firmware Wrc 1167Gst2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-13333 MEDIUM POC This Month

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2020-7740 HIGH This Week

This affects all versions of package node-pdf-generator. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Node Pdf Generator
NVD GitHub
CVSS 3.1
8.2
EPSS
2.0%
CVE-2020-24807 HIGH This Week

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Socket Io File
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-1906 HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Heap Overflow Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8781 HIGH This Week

Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aleos
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-5632 HIGH This Week

InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apache RCE Microsoft Infocage Siteshell
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-26606 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-26605 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-26604 HIGH This Week

An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-26602 HIGH This Week

An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-26601 HIGH This Week

An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-26600 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-26598 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-26597 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-1902 HIGH This Week

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15174 HIGH PATCH This Week

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26575 HIGH PATCH This Week

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Fedora Debian Linux Zfs Storage Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-25644 HIGH PATCH This Week

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Wildfly Openssl Data Grid Jboss Data Grid +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-25613 HIGH PATCH This Week

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Ruby Webrick Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-25803 HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Studio
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-25802 HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Studio
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-25643 HIGH PATCH This Week

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux +4
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2020-25637 MEDIUM PATCH This Month

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Libvirt Leap
NVD
CVSS 3.1
6.7
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy