Skip to main content
CVE-2020-26222 HIGH POC PATCH This Week

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Dependabot
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-25557 HIGH POC This Week

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cmsuno
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-25538 HIGH POC This Week

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cmsuno
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
9.9%
CVE-2020-15481 HIGH POC This Week

An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Burnintest Osforensics Performancetest
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-5796 HIGH POC This Week

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Nagios Xi
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-6156 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6155 HIGH POC This Week

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-6150 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6149 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6148 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6147 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-6019 HIGH POC PATCH This Week

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Game Networking Sockets
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-21667 HIGH POC This Week

In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fastadmin Tp6
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-12313 HIGH PATCH This Week

Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Proset Wireless Wifi
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-27217 HIGH PATCH This Week

In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hono
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-8583 HIGH This Week

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hci Element Os
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25165 HIGH This Week

BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alaris 8015 Pcu Firmware Alaris Systems Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-25155 HIGH This Week

The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nio 50 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-25151 HIGH This Week

The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nio 50 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-1847 HIGH This Week

There is a denial of service vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Nip6300 Firmware Nip6600 Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy