Skip to main content
CVE-2020-27486 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
1.9%
CVE-2020-27485 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Array index error. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
1.6%
CVE-2020-27484 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
1.7%
CVE-2020-27483 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Array index error. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
2.1%
CVE-2020-25952 CRITICAL POC Act Now

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi User Registration Login And User Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-28693 HIGH POC This Week

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Horizontcms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-26217 HIGH POC PATCH THREAT This Week

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Xstream Debian Linux Snapmanager +12
NVD GitHub
CVSS 3.1
8.8
EPSS
85.0%
CVE-2020-13769 HIGH POC This Week

LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-28649 HIGH POC This Week

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Child Theme Creator
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-28648 HIGH POC This Week

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2020-8897 HIGH POC PATCH This Week

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Aws Encryption Sdk
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-8259 HIGH POC This Week

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-26224 HIGH POC PATCH This Week

In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-26509 HIGH POC This Week

Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Airleader Master Control
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-23490 HIGH POC PATCH This Week

There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Avideo
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-28723 HIGH POC This Week

Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pparam
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-27191 HIGH POC This Week

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Lionwiki
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2020-28692 HIGH POC This Week

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gila Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-28656 MEDIUM POC This Month

The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Polo Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-7773 MEDIUM POC PATCH This Month

This affects the package markdown-it-highlightjs before 3.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown It Highlightjs
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-26510 CRITICAL Act Now

Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Tomcat Airleader Master Control
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-26508 CRITICAL Act Now

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oce Colorwave 3500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-27422 CRITICAL POC Act Now

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Time Tracker
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.8%
CVE-2020-25207 CRITICAL Act Now

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Toolbox
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-5664 CRITICAL Act Now

Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Xoonips
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-28642 CRITICAL Act Now

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infinitewp
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-8271 CRITICAL Act Now

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Sd Wan
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2020-13773 MEDIUM POC This Month

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivanti Endpoint Manager
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-28650 MEDIUM POC This Month

The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13772 MEDIUM POC This Month

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Endpoint Manager
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-7765 MEDIUM POC PATCH This Month

This affects the package @firebase/util before 0.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Firebase Util
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-23489 HIGH PATCH This Week

The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass PHP Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-4700 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-4655 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Sterling B2b Integrator
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-4647 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Sterling File Gateway
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-5659 HIGH This Week

SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xoonips
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-8273 HIGH This Week

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Citrix Sd Wan
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8270 HIGH PATCH This Week

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Microsoft Command Injection Virtual Apps And Desktops
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-8269 HIGH PATCH This Week

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Virtual Apps And Desktops Xenapp Xendesktop
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-25695 HIGH This Week

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PostgreSQL Debian Linux
NVD
CVSS 3.1
8.8
EPSS
46.4%
CVE-2020-8152 MEDIUM POC This Month

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-25694 HIGH PATCH This Week

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

PostgreSQL Information Disclosure Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-4476 HIGH PATCH This Week

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-27623 HIGH This Week

JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ideavim
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-27423 HIGH POC This Week

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Time Tracker
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
6.4%
CVE-2020-25209 HIGH This Week

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-25013 HIGH This Week

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Toolbox
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-8272 HIGH This Week

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Sd Wan
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-5666 HIGH This Week

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Iq R00 Firmware Melsec Iq R01 Firmware Melsec Iq R02 Firmware Melsec Iq R04 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2020-2492 HIGH This Week

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts
NVD
CVSS 3.1
7.2
EPSS
1.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy