Skip to main content
CVE-2020-27955 CRITICAL POC PATCH THREAT Emergency

Git LFS 2.12.0 allows Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Git Large File Storage
NVD GitHub
CVSS 3.1
9.8
EPSS
82.7%
CVE-2020-27387 HIGH POC PATCH THREAT Act Now

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Horizontcms
NVD GitHub
CVSS 3.1
8.8
EPSS
18.5%
CVE-2020-15952 CRITICAL POC Act Now

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Immuta
NVD
CVSS 3.1
9.0
EPSS
1.5%
CVE-2020-25398 HIGH POC This Week

CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Imind Server
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-28115 HIGH POC This Week

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Audimexee
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-24849 HIGH POC This Week

A remote code execution vulnerability is identified in FruityWifi through 2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Fruitywifi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-15950 HIGH POC This Week

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Immuta
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13537 HIGH POC This Week

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Privilege Escalation Mxview
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13536 HIGH POC This Week

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Privilege Escalation Mxview
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-26507 HIGH POC This Week

A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microsoft Marmind
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-25399 HIGH POC This Week

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Imind Server
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-27402 HIGH POC This Week

The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hk1 Box S905X3 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15949 HIGH POC This Week

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Immuta
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7763 HIGH POC PATCH This Week

This affects the package phantom-html-to-pdf before 0.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Phantom Html To Pdf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-7762 MEDIUM POC PATCH This Month

This affects the package jsreport-chrome-pdf before 1.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Path Traversal Jsreport Chrome Pdf
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-26505 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Marmind
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-15951 MEDIUM POC This Month

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Immuta
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-17510 CRITICAL PATCH Act Now

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass Shiro Debian Linux
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2020-12145 CRITICAL Act Now

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unity Orchestrator
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2020-28047 MEDIUM POC This Month

AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Audimexee
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-6877 HIGH This Week

A ZTE product is impacted by an information leak vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 Eodn Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25661 HIGH This Week

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Memory Corruption RCE Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-13661 HIGH This Week

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fiddler
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-12147 HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-12146 HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
CVSS 3.1
8.8
EPSS
27.6%
CVE-2020-5945 HIGH This Week

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
8.4
EPSS
1.3%
CVE-2020-26506 MEDIUM POC This Month

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Marmind
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-5793 HIGH This Week

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Nessus Nessus Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24437 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
45.1%
CVE-2020-24436 HIGH This Week

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
16.3%
CVE-2020-24435 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
51.3%
CVE-2020-24433 HIGH This Week

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Privilege Escalation Authentication Bypass Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
15.2%
CVE-2020-24432 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
7.8
EPSS
10.6%
CVE-2020-24430 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
17.9%
CVE-2020-24429 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Jwt Attack Apple Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-24428 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Adobe Privilege Escalation Apple Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.7
EPSS
2.2%
CVE-2020-25837 HIGH This Week

Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Self Service Password Reset
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5946 HIGH This Week

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Fraud Protection Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5942 HIGH This Week

In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5941 HIGH This Week

On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5939 HIGH This Week

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel VMware Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +12
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27688 HIGH This Week

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rvtools
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-7207 MEDIUM This Month

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Apollo 2000 Firmware Apollo 4200 Gen10 Firmware Apollo 4500 Firmware +18
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-4097 MEDIUM This Month

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Notes
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-25662 MEDIUM This Month

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-5943 MEDIUM This Month

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-14240 MEDIUM This Month

HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Notes
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14222 MEDIUM This Month

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6015 MEDIUM This Month

Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Denial Of Service Microsoft Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5940 MEDIUM This Month

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy