Skip to main content
CVE-2020-25268 HIGH POC This Week

Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ilias
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-23968 HIGH POC This Week

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure International Sign Go
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-28055 HIGH POC This Week

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure 32S330 Firmware 40S330 Firmware 43S434 Firmware +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-26808 HIGH POC This Week

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SAP Sap As Abap Dmis Sap S4 Hana Dmis
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2020-27146 HIGH This Week

The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iprocess Workspace Browser
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-26819 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-26818 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-0451 HIGH PATCH This Week

In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-0449 HIGH PATCH This Week

In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption RCE Google +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-26815 HIGH This Week

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Fiori Launchpad News Tile Application
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-24367 HIGH PATCH This Week

Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Microsoft Bluestacks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-26817 HIGH This Week

SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-0439 HIGH PATCH This Week

In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0438 HIGH This Week

In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0418 HIGH PATCH This Week

In getPermissionInfosForGroup of Utils.java, there is a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0409 HIGH PATCH This Week

In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-26810 HIGH This Week

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Commerce Cloud Accelerator Payment Mock
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-28267 HIGH PATCH This Week

Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Denial Of Service Set
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-0442 HIGH PATCH This Week

In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-0441 HIGH PATCH This Week

In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-24063 HIGH This Week

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-26820 HIGH This Week

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Privilege Escalation SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.2
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy