Skip to main content
CVE-2020-24719 CRITICAL POC THREAT Emergency

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
23.3%
CVE-2020-27386 HIGH POC THREAT Act Now

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g.,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flexdotnetcms
NVD GitHub
CVSS 3.1
8.8
EPSS
72.9%
CVE-2020-28271 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service Prototype Pollution Deephas
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-28270 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Denial Of Service Object Hierarchy Access
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-28269 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Denial Of Service Field
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-27481 CRITICAL POC THREAT Act Now

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Good Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
10.6%
CVE-2020-7770 CRITICAL POC PATCH Act Now

This affects the package json8 before 1.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Json8
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7769 CRITICAL POC PATCH Act Now

This affects the package nodemailer before 6.4.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nodemailer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-26804 HIGH POC This Week

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-26803 HIGH POC This Week

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-27385 HIGH POC This Week

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Flexdotnetcms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-11208 HIGH POC This Week

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Sd820 Firmware Sd821 Firmware Qcs603 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-11207 HIGH POC This Week

Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qualcomm Apq8052 Firmware Apq8056 Firmware Apq8076 Firmware +59
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-11206 HIGH POC This Week

Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qualcomm Apq8098 Firmware Msm8998 Firmware Qcm4290 Firmware +51
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-11202 HIGH POC This Week

Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Qcm6125 Firmware Qcs410 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-11201 HIGH POC This Week

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Qualcomm Information Disclosure Qcm6125 Firmware Qcs410 Firmware Qcs603 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-24573 HIGH POC This Week

BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Eibport Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26805 HIGH POC This Week

In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-25706 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Cacti Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-13774 CRITICAL Act Now

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.9
EPSS
4.7%
CVE-2020-25658 MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Openstack Platform Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-13877 CRITICAL Act Now

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Information Disclosure Meeting Monitor
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-12315 CRITICAL PATCH Act Now

Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Intel Path Traversal Endpoint Management Assistant
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-8752 CRITICAL Act Now

Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Memory Corruption Active Management Technology Firmware Cloud Backup +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7472 CRITICAL Act Now

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Sugarcrm
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-3639 CRITICAL Act Now

u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8037 Firmware +86
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11196 CRITICAL Act Now

u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +89
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11193 CRITICAL Act Now

u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8009W Firmware +90
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11184 CRITICAL Act Now

u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Qcm4290 Firmware Qcs4290 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11168 CRITICAL Act Now

u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Apq8009W Firmware Apq8017 Firmware +59
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11209 MEDIUM POC This Month

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sd820 Firmware Sd821 Firmware Qcs603 Firmware Qcs605 Firmware +9
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2020-8747 CRITICAL Act Now

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2020-12347 HIGH This Week

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-8749 HIGH This Week

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-12321 HIGH PATCH This Week

Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Dual Band Wireless Ac 3168 Firmware Dual Band Wireless Ac 8260 Firmware Dual Band Wireless Ac 8265 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-7332 HIGH This Week

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Endpoint Security
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-26070 HIGH This Week

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-2050 HIGH This Week

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-12927 HIGH This Week

A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amd Vbios Flash Tool Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24525 HIGH This Week

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc 8 Mainstream G Kit Nuc8I5Inh Firmware Nuc 8 Mainstream G Kit Nuc8I7Inh Firmware Nuc 8 Mainstream G Mini Pc Nuc8I5Inh Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24456 HIGH This Week

Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Board Id Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-16273 HIGH This Week

In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Armv8 M Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12350 HIGH This Week

Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Extreme Tuning Utility
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12346 HIGH This Week

Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Battery Life Diagnostic Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12345 HIGH This Week

Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12336 HIGH This Week

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc 8 Mainstream G Kit Nuc8I5Inh Firmware Nuc 8 Mainstream G Kit Nuc8I7Inh Firmware Nuc 8 Mainstream G Mini Pc Nuc8I5Inh Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12335 HIGH This Week

Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Processor Identification Utility
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12334 HIGH This Week

Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advisor Tools
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12333 HIGH This Week

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Quickassist Technology
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12332 HIGH This Week

Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Hid Event Filter Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy