Skip to main content
CVE-2020-5792 HIGH POC THREAT Act Now

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache RCE Nagios Xi
NVD
CVSS 3.1
7.2
EPSS
61.0%
CVE-2020-5791 HIGH POC THREAT Act Now

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection Nagios Xi
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
78.6%
CVE-2020-7748 HIGH POC PATCH This Week

This affects the package @tsed/core before 5.65.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Prototype Pollution Information Disclosure Ts Ed
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-7749 HIGH POC PATCH This Week

This affects all versions of package osm-static-maps. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS SSRF Osm Static Maps
NVD GitHub
CVSS 3.1
7.6
EPSS
1.6%
CVE-2020-24765 HIGH POC This Week

InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imind Server
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-5790 MEDIUM POC This Month

Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Nagios Xi
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-7747 MEDIUM POC This Month

This affects all versions of package lightning-server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightning
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2020-3992 CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption VMware Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
83.0%
CVE-2020-5640 CRITICAL PATCH Act Now

Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Onethird
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-6308 MEDIUM POC THREAT This Month

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.3
EPSS
61.7%
CVE-2020-15269 CRITICAL PATCH Act Now

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Spree
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-9417 HIGH This Week

The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Foresight Archive And Retrieval System Foresight Operational Monitor Foresight Transaction Insight
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-7371 MEDIUM POC This Month

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rits Browser
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-7370 MEDIUM POC This Month

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bolt Browser
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-7369 MEDIUM POC This Month

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yandex Browser
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-7364 MEDIUM POC This Month

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uc Browser
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-7363 MEDIUM POC This Month

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uc Browser
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-24415 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24414 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24413 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24412 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24411 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2020-24410 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-24409 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-15264 HIGH PATCH This Week

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Boxstarter
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-3982 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2020-25648 HIGH PATCH This Week

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Network Security Services Enterprise Linux Fedora Communications Offline Mediation Controller +2
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-25157 HIGH This Week

The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi R Seenet
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15931 HIGH This Week

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Account Lockout Examiner
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-3994 HIGH PATCH This Week

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2020-6366 MEDIUM This Month

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Compare Systems
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6362 MEDIUM This Month

SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Authentication Bypass Banking Services
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-24416 MEDIUM This Month

Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Marketo Sales Insight
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-4748 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Scale
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-16246 MEDIUM This Month

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S2020 Firmware S2024 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6367 MEDIUM This Month

There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Composite Application Framework
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3993 MEDIUM PATCH This Month

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure VMware Vmware Nsx T Data Center Cloud Foundation
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-6369 MEDIUM This Month

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP Authentication Bypass Focused Run Solution Manager
NVD
CVSS 3.1
5.9
EPSS
2.6%
CVE-2020-3981 MEDIUM PATCH This Month

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Buffer Overflow VMware Information Disclosure Cloud Foundation Workstation +2
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-4756 MEDIUM PATCH This Month

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Elastic Denial Of Service IBM Elastic Storage Server Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4491 MEDIUM PATCH This Month

IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-6315 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-4755 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Scale
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4564 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-3995 MEDIUM PATCH This Month

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service VMware ESXi Cloud Foundation Workstation +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-6370 MEDIUM This Month

SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Design Time Repository
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-4749 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy