Skip to main content
CVE-2020-28922 HIGH POC This Week

An issue was discovered in Devid Espenschied PC Analyser through 4.10. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Pc Analyser
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-28921 HIGH POC This Week

An issue was discovered in Devid Espenschied PC Analyser through 4.10. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Pc Analyser
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-25708 HIGH POC This Week

A divide by zero issue was found to occur in libvncserver-0.9.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libvncserver Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-15681 CRITICAL PATCH Act Now

In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Crafter Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-26245 CRITICAL PATCH Act Now

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Node.js Command Injection Systeminformation
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-25014 CRITICAL Act Now

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Memory Corruption RCE Zld +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-27745 CRITICAL PATCH Act Now

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Slurm Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-25738 MEDIUM POC This Month

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Endpoint Privilege Manager
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-29145 MEDIUM POC This Month

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ericsson Bscs Ix R18 Billing Rating Admx Bscs Ix R18 Billing Rating Mx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-29144 MEDIUM POC This Month

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ericsson Bscs Ix R18 Billing Rating Admx Bscs Ix R18 Billing Rating Mx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-12262 MEDIUM POC This Month

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tip200 Firmware Tip200Lite Firmware Tip300 Firmware
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2017-15685 HIGH PATCH This Week

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Crafter Cms
NVD VulDB
CVSS 3.1
8.6
EPSS
1.7%
CVE-2017-15683 HIGH PATCH This Week

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Crafter Cms
NVD VulDB
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-7780 HIGH PATCH This Week

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Akka Http Session
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2017-15684 HIGH PATCH This Week

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Crafter Cms
NVD VulDB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-29367 HIGH PATCH This Week

blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption C Blosc2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-10772 HIGH This Week

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Unbound
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-15680 MEDIUM PATCH This Month

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Crafter Cms
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-29136 MEDIUM This Month

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2017-15682 MEDIUM PATCH This Month

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Crafter Cms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29137 MEDIUM This Month

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-29133 MEDIUM This Month

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coremail Xt
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-29138 MEDIUM This Month

Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass F St 3486 Router Firmware
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-29135 MEDIUM This Month

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cpanel
NVD
CVSS 3.1
4.1
EPSS
0.6%
CVE-2020-27746 LOW PATCH Monitor

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Slurm Debian Linux
NVD
CVSS 3.1
3.7
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy