Skip to main content
CVE-2020-28578 CRITICAL POC THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro Memory Corruption Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
72.3%
CVE-2020-26097 CRITICAL POC Act Now

The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nvr 915 Firmware Nvr 1615 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-6016 CRITICAL POC PATCH Act Now

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Game Networking Sockets
NVD GitHub
CVSS 3.1
9.8
EPSS
5.8%
CVE-2020-28579 HIGH POC THREAT This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro Memory Corruption Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
49.3%
CVE-2020-24297 HIGH POC This Week

httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection TP-Link Tl Wpa4220 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-28574 HIGH POC This Week

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-28091 HIGH POC This Week

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-25406 HIGH POC This Week

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Lemocms
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2020-28581 HIGH POC THREAT This Week

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-28580 HIGH POC THREAT This Week

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-28005 MEDIUM POC This Month

httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wpa4220 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-15300 MEDIUM POC This Month

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Suitecrm
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26554 MEDIUM POC This Month

REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maildepot
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-28724 MEDIUM POC PATCH This Month

Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Werkzeug
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-3586 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Dna Spaces
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-3531 CRITICAL Act Now

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Authentication Bypass Iot Field Network Director
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-3470 CRITICAL Act Now

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Enterprise Nfv Infrastructure Software Integrated Management Controller
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-25454 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grocy
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-28361 MEDIUM POC This Month

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Authentication Bypass Kamailio
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-3419 CRITICAL Act Now

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2020-7564 HIGH This Week

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Modicon Tsxety4103 Firmware Modicon Tsxety5103 Firmware Modicon Tsxp574634 Firmware Modicon Tsxp575634 Firmware +16
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-7563 HIGH This Week

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Memory Corruption Modicon Tsxety4103 Firmware Modicon Tsxety5103 Firmware +18
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-26075 HIGH This Week

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Iot Field Network Director
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-24723 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Registration Login And User Management System
NVD
CVSS 3.1
4.8
EPSS
1.0%
CVE-2020-26072 HIGH This Week

A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Iot Field Network Director
NVD
CVSS 3.1
8.7
EPSS
1.0%
CVE-2020-7562 HIGH This Week

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Modicon Tsxety4103 Firmware Modicon Tsxety5103 Firmware Modicon Tsxp574634 Firmware +17
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-26226 HIGH PATCH This Week

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Semantic Release
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-15301 HIGH This Week

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Suitecrm
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-28572 HIGH This Week

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27697 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-27696 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Microsoft Information Disclosure Antivirus Security 2020 Internet Security 2020 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-27695 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-3367 HIGH This Week

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Asyncos
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-12593 HIGH This Week

Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Endpoint Detection And Response
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-3392 HIGH This Week

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26076 HIGH This Week

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28367 HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-28366 HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go Fedora Cloud Insights Telegraf Agent +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-28362 HIGH PATCH This Week

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora Cloud Insights Telegraf Agent Trident
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-13799 MEDIUM This Month

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inand Cl Em132 Firmware Inand Ix Em132 Firmware Inand Ix Em132 Xi Firmware Op Tee
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2020-3482 MEDIUM This Month

A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Expressway Telepresence Video Communication Server
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-3471 MEDIUM This Month

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-4592 MEDIUM PATCH This Month

IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26078 MEDIUM This Month

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iot Field Network Director
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-26068 MEDIUM This Month

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Roomos Telepresence Collaboration Endpoint
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-28917 MEDIUM This Month

An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure View Frontend Statistics
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26215 MEDIUM PATCH This Month

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Notebook Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-22723 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ljcmsshop
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27126 MEDIUM This Month

A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-26081 MEDIUM This Month

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Iot Field Network Director
NVD
CVSS 3.1
6.1
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy