Skip to main content
CVE-2020-28638 CRITICAL POC Act Now

{W] Detected DISPLAY, but only. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tomb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13638 CRITICAL POC THREAT Act Now

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass PHP Rconfig
NVD
CVSS 3.1
9.8
EPSS
76.8%
CVE-2020-26222 HIGH POC PATCH This Week

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Dependabot
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-25557 HIGH POC This Week

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cmsuno
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-25538 HIGH POC This Week

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cmsuno
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-15481 HIGH POC This Week

An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Burnintest Osforensics Performancetest
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-5796 HIGH POC This Week

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Nagios Xi
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-6156 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6155 HIGH POC This Week

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-6150 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6149 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6148 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6147 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-6019 HIGH POC PATCH This Week

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Game Networking Sockets
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-21667 HIGH POC This Week

In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fastadmin Tp6
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-26223 MEDIUM POC PATCH This Month

Spree is a complete open source e-commerce solution built with Ruby on Rails. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Spree
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-7032 MEDIUM POC This Month

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Aura System Manager Weblm
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2020-12338 CRITICAL PATCH Act Now

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Open Webrtc Toolkit
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-26230 MEDIUM POC PATCH This Month

Radar COVID is the official COVID-19 exposure notification app for Spain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google Apple Information Disclosure Radar Covid Backend Dp3T Server Radarcovid
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-12313 HIGH PATCH This Week

Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Proset Wireless Wifi
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-27217 HIGH PATCH This Week

In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hono
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-8583 HIGH This Week

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hci Element Os
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25165 HIGH This Week

BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alaris 8015 Pcu Firmware Alaris Systems Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-25155 HIGH This Week

The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nio 50 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-25151 HIGH This Week

The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nio 50 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-1847 HIGH This Week

There is a denial of service vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Nip6300 Firmware Nip6600 Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-0599 MEDIUM This Month

Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Pentium J6425 Firmware Pentium J4205 Firmware Pentium J3710 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-9129 MEDIUM This Month

HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Huawei Mate 30 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-9127 MEDIUM This Month

Some Huawei products have a command injection vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Huawei Command Injection Nip6300 Firmware Nip6600 Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8582 MEDIUM This Month

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hci Element Os
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-26825 MEDIUM This Month

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Fiori Launchpad News Tile Application
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-7033 MEDIUM This Month

A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Equinox Conferencing
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-7962 MEDIUM This Month

An issue was discovered in One Identity Password Manager 5.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-6157 MEDIUM This Month

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Opera Touch
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-4886 LOW PATCH Monitor

IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy