Skip to main content
CVE-2020-5792 HIGH POC THREAT Act Now

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache RCE Nagios Xi
NVD
CVSS 3.1
7.2
EPSS
61.0%
CVE-2020-5791 HIGH POC THREAT Act Now

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection Nagios Xi
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
78.6%
CVE-2020-7748 HIGH POC PATCH This Week

This affects the package @tsed/core before 5.65.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Prototype Pollution Information Disclosure Ts Ed
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-7749 HIGH POC PATCH This Week

This affects all versions of package osm-static-maps. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS SSRF Osm Static Maps
NVD GitHub
CVSS 3.1
7.6
EPSS
1.6%
CVE-2020-24765 HIGH POC This Week

InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imind Server
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-9417 HIGH This Week

The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Foresight Archive And Retrieval System Foresight Operational Monitor Foresight Transaction Insight
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-24415 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24414 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24413 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24412 HIGH PATCH This Week

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Adobe RCE Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-24411 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2020-24410 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-24409 HIGH PATCH This Week

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-15264 HIGH PATCH This Week

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Boxstarter
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-3982 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2020-25648 HIGH PATCH This Week

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Network Security Services Enterprise Linux Fedora Communications Offline Mediation Controller +2
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-25157 HIGH This Week

The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi R Seenet
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15931 HIGH This Week

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Account Lockout Examiner
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-3994 HIGH PATCH This Week

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy