Skip to main content
CVE-2020-26879 CRITICAL POC THREAT Act Now

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruckus Vriot
NVD
CVSS 3.1
9.8
EPSS
42.5%
CVE-2020-18766 CRITICAL POC Act Now

A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Antsword
NVD GitHub
CVSS 3.1
9.6
EPSS
1.1%
CVE-2020-26878 HIGH POC THREAT This Week

Ruckus through 1.5.1.0.21 is affected by remote command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ruckus Vriot
NVD
CVSS 3.1
8.8
EPSS
11.5%
CVE-2020-15271 HIGH POC PATCH This Week

In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Lookatme
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-7752 HIGH POC PATCH This Week

This affects the package systeminformation before 4.27.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Systeminformation
NVD GitHub
CVSS 3.1
8.8
EPSS
5.7%
CVE-2020-26566 HIGH POC This Week

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Motion
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-15897 HIGH POC This Week

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13100 HIGH POC This Week

Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Cloudvision Exchange
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7751 HIGH POC PATCH This Week

pathval before version 1.1.1 is vulnerable to prototype pollution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Pathval
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-25034 MEDIUM POC This Month

{URL], or search[attachment] parameter to the email. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Malware Protection System
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-25470 MEDIUM POC This Month

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Antsword
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-27743 CRITICAL Act Now

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pam Tacplus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7197 CRITICAL PATCH Act Now

SSMC3.7.0.0 is vulnerable to remote authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Storeserv Management Console
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7127 CRITICAL Act Now

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Airwave Glass
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-7124 CRITICAL Act Now

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Airwave Glass
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-27678 CRITICAL PATCH Act Now

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Illumos Smartos Omnios
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-15272 CRITICAL PATCH Act Now

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Git Tag Annotation Action
NVD GitHub
CVSS 3.1
9.6
EPSS
1.2%
CVE-2020-7125 HIGH This Week

A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Privilege Escalation Airwave Glass
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-27187 HIGH PATCH This Week

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Partition Manager
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1915 HIGH PATCH This Week

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Hermes
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-24632 HIGH This Week

A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Information Disclosure Airwave Glass
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-24631 HIGH This Week

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Information Disclosure Airwave Glass
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-7196 MEDIUM This Month

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bluedata Epic Ezmeral Container Platform
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-26161 MEDIUM This Month

In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Octopus Deploy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-7126 MEDIUM This Month

A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba SSRF Airwave Glass
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-15274 MEDIUM PATCH This Month

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-6876 MEDIUM This Month

A ZTE product is impacted by an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Evdc
NVD
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy