Skip to main content
CVE-2020-4854 CRITICAL POC PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-12351 HIGH POC This Week

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Kernel
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
7.7%
CVE-2020-27985 HIGH POC PATCH This Week

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Security Onion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24227 HIGH POC This Week

Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Playground Sessions
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7777 HIGH POC This Week

This affects all versions of package jsen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jsen
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-15436 MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +18
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-12352 MEDIUM POC This Month

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
5.7%
CVE-2020-26227 MEDIUM POC PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-28927 MEDIUM POC This Month

There is a Stored XSS in Magicpin v2.1 in the User Registration section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Magicpin
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-28984 CRITICAL PATCH Act Now

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Spip Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-28360 CRITICAL PATCH Act Now

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE SSRF Private Ip
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-28864 CRITICAL Act Now

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Winscp
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-6939 CRITICAL Act Now

Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Tableau Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-4006 CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager Identity Manager Connector One Access +2
NVD
CVSS 3.1
9.1
EPSS
23.8%
CVE-2020-25660 HIGH This Week

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ceph Ceph Storage Openshift Container Platform Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15437 MEDIUM POC This Month

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-28421 HIGH This Week

CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Unified Infrastructure Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-25696 HIGH PATCH This Week

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE PostgreSQL Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-26228 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Typo3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15246 HIGH PATCH This Week

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-7925 HIGH This Week

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-26231 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-7927 MEDIUM This Month

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege.2 versions prior to and including 4.2.17, MongoDB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ops Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-7928 MEDIUM PATCH This Month

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-7926 MEDIUM This Month

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem.4 versions prior to 4.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-28053 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass HashiCorp Consul
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-4783 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-0569 MEDIUM PATCH This Month

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Microsoft Buffer Overflow Memory Corruption Intel +15
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2020-15249 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26239 MEDIUM PATCH This Month

Scratch Addons is a WebExtension that supports both Chrome and Firefox. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Mozilla Scratch Addons
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-28896 MEDIUM PATCH This Month

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Mutt Neomutt Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-4771 MEDIUM PATCH This Month

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Spectrum Protect Operations Center
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-15247 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
5.2
EPSS
0.3%
CVE-2020-1778 MEDIUM This Month

When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid.0.9 and prior versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Otrs
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-15248 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%
CVE-2020-26229 LOW PATCH Monitor

TYPO3 is an open source PHP based web content management system. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

XXE PHP Typo3
NVD GitHub
CVSS 3.1
3.7
EPSS
0.6%
CVE-2020-25688 LOW Monitor

A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy