Skip to main content
CVE-2020-27694 HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
7.3%
CVE-2020-27016 HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-28373 HIGH POC This Week

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Memory Corruption RCE R6400V2 Firmware +12
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-8268 HIGH POC PATCH This Week

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Code Injection Json8 Merge Patch
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28349 MEDIUM POC PATCH This Month

An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Network Server
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-28351 MEDIUM POC THREAT This Month

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Shoretel Firmware
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
16.0%
CVE-2020-28371 CRITICAL PATCH Act Now

An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Java Integer Overflow Avian
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-26168 CRITICAL Act Now

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Jet
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-14189 CRITICAL Act Now

The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Jira Comment
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-14188 CRITICAL Act Now

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Jira Create
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-26542 CRITICAL Act Now

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Percona Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-23138 CRITICAL Act Now

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-27019 MEDIUM POC THREAT This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
5.5
EPSS
17.9%
CVE-2020-27018 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
5.5
EPSS
3.5%
CVE-2020-8276 MEDIUM POC This Month

The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Brave
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8133 MEDIUM POC This Month

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-15297 CRITICAL Act Now

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Update Server
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-24407 CRITICAL PATCH Act Now

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe File Upload RCE Magento
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2020-27017 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XXE Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
4.9
EPSS
6.4%
CVE-2020-27693 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
4.4
EPSS
1.8%
CVE-2020-23140 HIGH This Week

Microweber 1.1.18 is affected by insufficient session expiration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-8150 MEDIUM POC This Month

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. Rated medium severity (CVSS 4.1). Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.1
EPSS
0.3%
CVE-2020-4759 HIGH PATCH This Week

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Filenet Content Manager
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2020-27977 HIGH This Week

CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Capainstaller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-14366 HIGH PATCH This Week

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Keycloak
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-24400 HIGH PATCH This Week

Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe SQLi Information Disclosure Magento
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-9300 MEDIUM This Month

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dispatch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-25655 MEDIUM This Month

An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-24401 MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-28364 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Locust
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-24353 MEDIUM This Month

Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-23136 MEDIUM This Month

Microweber v1.1.18 is affected by no session expiry after log-out. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microweber
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-23139 MEDIUM This Month

Microweber 1.1.18 is affected by broken authentication and session management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microweber
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9299 MEDIUM This Month

There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dispatch
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-24402 MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Magento
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2020-4651 MEDIUM PATCH This Month

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Maximo Spatial Asset Management
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-24405 MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-24406 LOW PATCH Monitor

When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Information Disclosure Magento
NVD
CVSS 3.1
3.7
EPSS
2.1%
CVE-2020-4650 LOW PATCH Monitor

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Maximo Spatial Asset Management
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-24404 LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
2.7
EPSS
1.6%
CVE-2020-24403 LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
2.7
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy