Skip to main content
CVE-2020-27694 HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
7.3%
CVE-2020-27016 HIGH POC This Week

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-28373 HIGH POC This Week

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Memory Corruption RCE R6400V2 Firmware +12
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-8268 HIGH POC PATCH This Week

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Code Injection Json8 Merge Patch
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-23140 HIGH This Week

Microweber 1.1.18 is affected by insufficient session expiration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-4759 HIGH PATCH This Week

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Filenet Content Manager
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2020-27977 HIGH This Week

CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Capainstaller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-14366 HIGH PATCH This Week

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Keycloak
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-24400 HIGH PATCH This Week

Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe SQLi Information Disclosure Magento
NVD
CVSS 3.1
7.1
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy