Skip to main content
CVE-2020-14871 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Oracle Memory Corruption Solaris
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
80.3%
CVE-2020-14882 CRITICAL POC KEV THREAT Emergency

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2020-14883 HIGH POC KEV THREAT Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD GitHub
CVSS 3.1
7.2
EPSS
97.9%
CVE-2020-27615 CRITICAL POC PATCH THREAT Act Now

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress SQLi Loginizer
NVD WPScan
CVSS 3.1
9.8
EPSS
53.6%
CVE-2020-27605 CRITICAL POC Act Now

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-27613 HIGH POC This Week

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2020-15266 HIGH POC PATCH This Week

In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15265 HIGH POC PATCH This Week

In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-27610 HIGH POC This Week

The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-27603 HIGH POC This Week

BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-14864 HIGH POC KEV THREAT This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Path Traversal Business Intelligence
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
97.2%
CVE-2020-17381 HIGH POC This Week

An issue was discovered in Ghisler Total Commander 9.51. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Total Commander
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-27607 MEDIUM POC This Month

In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-27604 MEDIUM POC This Month

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-25820 MEDIUM POC PATCH This Month

BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microsoft Bigbluebutton
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.8%
CVE-2020-27344 MEDIUM POC This Month

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Cm Download Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-3580 MEDIUM POC KEV PATCH THREAT This Month

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
6.1
EPSS
85.4%
CVE-2020-27608 MEDIUM POC This Month

In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bigbluebutton
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14859 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-14855 CRITICAL Act Now

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Universal Work Queue
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-14841 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
52.0%
CVE-2020-14825 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
30.1%
CVE-2020-7750 CRITICAL POC PATCH Act Now

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Scratch Svg Renderer
NVD GitHub Exploit-DB
CVSS 3.1
9.6
EPSS
6.1%
CVE-2020-27609 MEDIUM POC This Month

BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bigbluebutton
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-27606 MEDIUM POC This Month

BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-15240 CRITICAL PATCH Act Now

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Omniauth Auth0
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-14876 CRITICAL Act Now

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2020-14875 CRITICAL Act Now

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2020-14805 CRITICAL PATCH Act Now

Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass E Business Suite Secure Enterprise Search
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-3456 HIGH PATCH This Week

A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco CSRF Firepower Extensible Operating System
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-5651 HIGH This Week

SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Simple Download Monitor
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-14862 HIGH This Week

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Universal Work Queue
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14735 HIGH PATCH This Week

Vulnerability in the Scheduler component of Oracle Database Server. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Oracle Information Disclosure Scheduler
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-3572 HIGH This Week

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
1.7%
CVE-2020-3571 HIGH This Week

A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3563 HIGH This Week

A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3562 HIGH This Week

A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-3499 HIGH This Week

A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Secure Firewall Management Center
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-3436 HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense +1
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-3373 HIGH This Week

A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-3304 HIGH This Week

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
3.8%
CVE-2020-14824 HIGH This Week

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-14880 HIGH This Week

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Business Intelligence Publisher
NVD
CVSS 3.1
8.5
EPSS
1.3%
CVE-2020-14879 HIGH This Week

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Business Intelligence Publisher
NVD
CVSS 3.1
8.5
EPSS
1.3%
CVE-2020-14872 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-14863 HIGH This Week

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass One To One Fulfillment
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-14857 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2020-14856 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-14851 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-14850 HIGH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.1
8.2
EPSS
1.5%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy