Skip to main content
CVE-2020-27387 HIGH POC PATCH THREAT Act Now

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Horizontcms
NVD GitHub
CVSS 3.1
8.8
EPSS
18.5%
CVE-2020-25398 HIGH POC This Week

CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Imind Server
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-28115 HIGH POC This Week

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Audimexee
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-24849 HIGH POC This Week

A remote code execution vulnerability is identified in FruityWifi through 2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Fruitywifi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-15950 HIGH POC This Week

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Immuta
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13537 HIGH POC This Week

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Privilege Escalation Mxview
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13536 HIGH POC This Week

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Privilege Escalation Mxview
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-26507 HIGH POC This Week

A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microsoft Marmind
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-25399 HIGH POC This Week

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Imind Server
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-27402 HIGH POC This Week

The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hk1 Box S905X3 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15949 HIGH POC This Week

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Immuta
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7763 HIGH POC PATCH This Week

This affects the package phantom-html-to-pdf before 0.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Phantom Html To Pdf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-6877 HIGH This Week

A ZTE product is impacted by an information leak vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 Eodn Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25661 HIGH This Week

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Memory Corruption RCE Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-13661 HIGH This Week

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fiddler
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-12147 HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-12146 HIGH This Week

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Orchestrator
NVD
CVSS 3.1
8.8
EPSS
27.6%
CVE-2020-5945 HIGH This Week

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
8.4
EPSS
1.3%
CVE-2020-5793 HIGH This Week

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Nessus Nessus Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24437 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
45.1%
CVE-2020-24436 HIGH This Week

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
16.3%
CVE-2020-24435 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
51.3%
CVE-2020-24433 HIGH This Week

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Privilege Escalation Authentication Bypass Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
15.2%
CVE-2020-24432 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
7.8
EPSS
10.6%
CVE-2020-24430 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
17.9%
CVE-2020-24429 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Jwt Attack Apple Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-24428 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Adobe Privilege Escalation Apple Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.7
EPSS
2.2%
CVE-2020-25837 HIGH This Week

Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Self Service Password Reset
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5946 HIGH This Week

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Fraud Protection Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5942 HIGH This Week

In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5941 HIGH This Week

On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5939 HIGH This Week

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel VMware Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +12
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27688 HIGH This Week

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rvtools
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy