Skip to main content
CVE-2020-16952 HIGH POC PATCH THREAT Act Now

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
70.9%
CVE-2020-15867 HIGH POC THREAT Act Now

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Gogs
NVD
CVSS 3.1
7.2
EPSS
87.2%
CVE-2020-14144 HIGH POC PATCH THREAT Act Now

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gitea
NVD GitHub
CVSS 3.1
7.2
EPSS
95.4%
CVE-2020-15254 CRITICAL POC PATCH Act Now

Crossbeam is a set of tools for concurrent programming. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Crossbeam
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-26944 CRITICAL POC Act Now

An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft Product Configurator
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-27176 CRITICAL POC Act Now

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Marktext
NVD GitHub
CVSS 3.1
9.6
EPSS
1.9%
CVE-2020-15252 HIGH POC PATCH This Week

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-26682 HIGH POC This Week

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Libass
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-25214 HIGH POC This Week

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Overwolf
NVD GitHub
CVSS 3.1
8.1
EPSS
3.8%
CVE-2020-15258 HIGH POC PATCH This Week

In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Wire
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2020-15255 HIGH POC PATCH This Week

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Time Tracker
NVD GitHub Exploit-DB
CVSS 3.1
7.3
EPSS
3.5%
CVE-2020-17003 HIGH PATCH Act Now

<p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 12.5%.

RCE Buffer Overflow 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
12.5%
CVE-2020-16918 HIGH PATCH Act Now

<p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 12.5%.

RCE Buffer Overflow Memory Corruption 365 Apps 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
12.5%
CVE-2020-1660 CRITICAL Act Now

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2020-26943 CRITICAL PATCH Act Now

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Authentication Bypass Blazar Dashboard
NVD
CVSS 3.1
9.9
EPSS
3.3%
CVE-2020-9918 CRITICAL Act Now

An out-of-bounds read was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X Tvos +1
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-9895 CRITICAL Act Now

A use after free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +8
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-9864 CRITICAL Act Now

A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-9934 MEDIUM POC KEV THREAT This Month

An issue existed in the handling of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.5
EPSS
3.2%
CVE-2020-26672 MEDIUM POC This Month

Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Testimonial Rotator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-1080 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-16911 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-16898 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.8
EPSS
9.7%
CVE-2020-16891 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-1673 HIGH This Week

Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-1656 HIGH This Week

The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-9983 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Icloud +7
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-9951 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple RCE Use After Free +9
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-9948 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple Safari Webkitgtk +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-9910 HIGH This Week

Multiple issues were addressed with improved logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apple Icloud Itunes +5
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-9893 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +8
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-9870 HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-16946 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Designer Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.7
EPSS
1.6%
CVE-2020-16945 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.7
EPSS
1.7%
CVE-2020-16944 HIGH PATCH This Week

<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p> <p>An authenticated attacker could exploit this. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.7
EPSS
1.6%
CVE-2020-16951 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-9865 HIGH This Week

A memory corruption issue was addressed by removing the vulnerable code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Ipados Iphone Os +3
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2020-1675 HIGH This Week

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Mist Cloud Ui
NVD
CVSS 3.1
8.3
EPSS
0.6%
CVE-2020-1667 HIGH This Week

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
8.3
EPSS
0.7%
CVE-2020-1243 HIGH PATCH This Week

<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1167 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-1047 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-17023 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
4.6%
CVE-2020-17022 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2020-16995 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Network Watcher Agent
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-16980 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-16976 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-16975 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-16974 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-16973 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy