Skip to main content
CVE-2020-28579 HIGH POC THREAT This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Trend Micro Memory Corruption Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
49.3%
CVE-2020-24297 HIGH POC This Week

httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection TP-Link Tl Wpa4220 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-28574 HIGH POC This Week

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-28091 HIGH POC This Week

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-25406 HIGH POC This Week

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Lemocms
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2020-28581 HIGH POC THREAT This Week

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-28580 HIGH POC THREAT This Week

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
44.5%
CVE-2020-7564 HIGH This Week

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Modicon Tsxety4103 Firmware Modicon Tsxety5103 Firmware Modicon Tsxp574634 Firmware Modicon Tsxp575634 Firmware +16
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-7563 HIGH This Week

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Memory Corruption Modicon Tsxety4103 Firmware Modicon Tsxety5103 Firmware +18
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-26075 HIGH This Week

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Iot Field Network Director
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-26072 HIGH This Week

A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Iot Field Network Director
NVD
CVSS 3.1
8.7
EPSS
1.0%
CVE-2020-7562 HIGH This Week

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Modicon Tsxety4103 Firmware Modicon Tsxety5103 Firmware Modicon Tsxp574634 Firmware +17
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-26226 HIGH PATCH This Week

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Semantic Release
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-15301 HIGH This Week

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Suitecrm
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-28572 HIGH This Week

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27697 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-27696 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Microsoft Information Disclosure Antivirus Security 2020 Internet Security 2020 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-27695 HIGH This Week

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-3367 HIGH This Week

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Asyncos
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-12593 HIGH This Week

Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Endpoint Detection And Response
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-3392 HIGH This Week

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26076 HIGH This Week

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28367 HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-28366 HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go Fedora Cloud Insights Telegraf Agent +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-28362 HIGH PATCH This Week

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora Cloud Insights Telegraf Agent Trident
NVD
CVSS 3.1
7.5
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy