Skip to main content
CVE-2020-13927 CRITICAL POC KEV PATCH THREAT Emergency

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Airflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.7%
CVE-2020-7766 CRITICAL POC PATCH Act Now

This affects all versions of package json-ptr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Json Ptr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-25268 HIGH POC This Week

Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ilias
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-23968 HIGH POC This Week

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure International Sign Go
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-28055 HIGH POC This Week

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure 32S330 Firmware 40S330 Firmware 43S434 Firmware +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-26808 HIGH POC This Week

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SAP Sap As Abap Dmis Sap S4 Hana Dmis
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2020-16125 MEDIUM POC This Month

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Information Disclosure Gnome Display Manager
NVD GitHub
CVSS 3.1
6.8
EPSS
1.1%
CVE-2020-27403 MEDIUM POC This Month

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure 32S330 Firmware 40S330 Firmware 43S434 Firmware +4
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-26824 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-26823 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-26822 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-26821 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-25074 CRITICAL PATCH Act Now

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Moinmoin Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
6.1%
CVE-2020-24384 CRITICAL PATCH Act Now

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Agalaxy Advanced Core Operating System
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-0452 CRITICAL PATCH Act Now

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android +1
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-0447 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-0446 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-0445 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264527. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-0454 MEDIUM POC This Month

In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-25267 MEDIUM POC This Month

An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ilias
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-28409 MEDIUM POC This Month

The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dundas Bi
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-28408 MEDIUM POC This Month

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dundas Bi
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26809 MEDIUM POC This Month

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Commerce Cloud
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-27146 HIGH This Week

The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iprocess Workspace Browser
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-26819 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-26818 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-0451 HIGH PATCH This Week

In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-0449 HIGH PATCH This Week

In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption RCE Google +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-26815 HIGH This Week

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Fiori Launchpad News Tile Application
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-24367 HIGH PATCH This Week

Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Microsoft Bluestacks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-26817 HIGH This Week

SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-0439 HIGH PATCH This Week

In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0438 HIGH This Week

In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0418 HIGH PATCH This Week

In getPermissionInfosForGroup of Utils.java, there is a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0409 HIGH PATCH This Week

In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-26810 HIGH This Week

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Commerce Cloud Accelerator Payment Mock
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-28267 HIGH PATCH This Week

Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Denial Of Service Set
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-0442 HIGH PATCH This Week

In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-0441 HIGH PATCH This Week

In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-24063 HIGH This Week

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-26820 HIGH This Week

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Privilege Escalation SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.2
EPSS
3.9%
CVE-2020-5388 MEDIUM This Month

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow RCE Dell Inspiron 15 7579 Firmware
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2020-0450 MEDIUM PATCH This Month

In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-12485 MEDIUM This Month

The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Frame Touch Module
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4568 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-0453 MEDIUM PATCH This Month

In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0448 MEDIUM PATCH This Month

In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0443 MEDIUM PATCH This Month

In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0437 MEDIUM PATCH This Month

In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Denial Of Service Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0424 MEDIUM PATCH This Month

In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy