Skip to main content
CVE-2020-24881 CRITICAL POC PATCH THREAT Act Now

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

SSRF Osticket
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
73.3%
Threat
5.7
CVE-2020-14750 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Information Disclosure Weblogic Server
NVD GitHub
CVSS 3.1
9.8
EPSS
99.3%
CVE-2020-28046 HIGH POC This Week

An issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Prolinos
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-28045 HIGH POC This Week

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Prolinos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27992 HIGH POC This Week

Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dr Fone
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27708 HIGH POC This Week

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Origin
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14425 HIGH POC THREAT This Week

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Foxit Reader
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
39.4%
CVE-2020-7758 HIGH POC PATCH This Week

This affects versions of package browserless-chrome before 1.40.2-chrome-stable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Chrome
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-9368 HIGH POC This Week

The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Olea Gift On Order
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8183 HIGH POC This Week

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-28030 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8236 MEDIUM POC This Month

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-7757 MEDIUM POC This Month

This affects all versions of package droppy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Droppy
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-28041 MEDIUM POC This Month

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Privilege Escalation Nighthawk R7000 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-25689 MEDIUM POC PATCH This Month

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wildfly Fuse Jboss Data Grid Jboss Enterprise Application Platform +6
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-27982 MEDIUM POC This Month

IceWarp 11.4.5.0 allows XSS via the language parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.1
6.1
EPSS
5.3%
CVE-2020-5656 CRITICAL Act Now

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-5653 CRITICAL Act Now

Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-28037 CRITICAL PATCH Act Now

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress RCE Denial Of Service PHP Fedora +1
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
7.7%
CVE-2020-28036 CRITICAL PATCH Act Now

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass PHP Fedora Debian Linux
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-28035 CRITICAL Act Now

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-28032 CRITICAL PATCH Act Now

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP Fedora Debian Linux
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
16.1%
CVE-2020-23639 CRITICAL Act Now

A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vport 461 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-3703 CRITICAL Act Now

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8053 Firmware Apq8076 Firmware Ar9344 Firmware +38
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-3692 CRITICAL Act Now

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server' in Snapdragon Auto, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Kamorta Firmware Nicobar Firmware +14
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3673 CRITICAL Act Now

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Apq8053 Firmware Apq8096Au Firmware +37
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-3657 CRITICAL Act Now

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qualcomm Apq8009 Firmware Apq8017 Firmware +35
NVD
CVSS 3.1
9.8
EPSS
28.3%
CVE-2020-3654 CRITICAL Act Now

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Apq8053 Firmware Apq8096Au Firmware +38
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11172 CRITICAL Act Now

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq4019 Firmware Ipq6018 Firmware Ipq8064 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-11153 CRITICAL Act Now

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qualcomm Memory Corruption Apq8053 Firmware +5
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-23989 MEDIUM POC This Month

NeDi 1.9C allows pwsec.php oid XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23868 MEDIUM POC This Month

NeDi 1.9C allows inc/rt-popup.php d XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-28042 MEDIUM POC PATCH This Month

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Servicestack
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-28002 MEDIUM POC This Month

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonarqube
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-28039 CRITICAL PATCH Act Now

is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure WordPress PHP Debian Linux Ubuntu Linux
NVD GitHub WPScan
CVSS 3.1
9.1
EPSS
4.1%
CVE-2020-3670 CRITICAL Act Now

u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container' in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Agatti Firmware Apq8053 Firmware +51
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-11169 CRITICAL Act Now

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware +9
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-11155 HIGH This Week

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Qca6390 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11154 HIGH This Week

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Qca6390 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11114 HIGH This Week

u'Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Ar9344 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-27358 MEDIUM POC This Month

An issue was discovered in REDCap 8.11.6 through 9.x before 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Redcap
NVD GitHub
CVSS 3.1
4.3
EPSS
2.0%
CVE-2020-11156 HIGH This Week

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Qca6390 Firmware Qcn7605 Firmware Qcs404 Firmware +5
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-11141 HIGH This Week

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Qca6390 Firmware +6
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2020-3696 HIGH PATCH This Week

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Qualcomm Denial Of Service Memory Corruption Apq8009 Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3694 HIGH PATCH This Week

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Bitra Firmware Nicobar Firmware Saipan Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3693 HIGH PATCH This Week

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3690 HIGH This Week

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Bitra Firmware Kamorta Firmware +26
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3684 HIGH This Week

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Apq8009 Firmware Apq8098 Firmware +42
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3678 HIGH This Week

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Kamorta Firmware Qcs404 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3638 HIGH This Week

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Bitra Firmware Kamorta Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy