Skip to main content
CVE-2020-29390 CRITICAL POC THREAT Act Now

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zeroshell
NVD
CVSS 3.1
9.8
EPSS
36.7%
CVE-2020-28926 CRITICAL POC THREAT Act Now

ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Readymedia Debian Linux
NVD
CVSS 3.1
9.8
EPSS
14.5%
CVE-2020-25537 CRITICAL POC Act Now

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-27660 CRITICAL POC Act Now

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Safeaccess
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-29127 CRITICAL POC Act Now

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eternus Storage Dx200 S4 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-29394 HIGH POC PATCH This Week

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Diagnostic Log And Trace Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-27587 MEDIUM POC This Month

Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Brute Force Total Security
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-29438 MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Model X Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-17901 MEDIUM POC This Month

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pbootcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-29395 MEDIUM POC THREAT This Month

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Eventon
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
11.7%
CVE-2020-27586 MEDIUM POC This Month

Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Total Security
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-29384 MEDIUM POC This Month

An issue was discovered in PNGOUT 2020-01-15. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Pngout
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-28976 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
27.8%
CVE-2020-4627 CRITICAL PATCH Act Now

IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Cloud Pak For Security
NVD
CVSS 3.1
9.0
EPSS
1.6%
CVE-2020-25624 MEDIUM POC This Month

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2020-29364 MEDIUM POC This Month

In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS News Lister
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-27659 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Synology Safeaccess
NVD GitHub
CVSS 3.1
4.8
EPSS
5.1%
CVE-2020-29440 MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model X Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-29439 MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model X Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-29392 MEDIUM POC This Month

The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Lock Password Manager Safe App
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-27585 MEDIUM POC This Month

Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Total Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-8351 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-16850 HIGH This Week

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service R00Cpu Firmware R01Cpu Firmware R02Cpu Firmware R04Cpu Firmware +15
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-16849 HIGH This Week

An issue was discovered on Canon MF237w 06.07 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mf237W Firmware Mf113W Firmware Mf212W Firmware Mf216N Firmware +24
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4127 MEDIUM This Month

HCL Domino is susceptible to a Login CSRF vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hcl Domino
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-29441 MEDIUM This Month

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Outsystems
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4900 MEDIUM PATCH This Month

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Business Automation Workflow
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-14193 MEDIUM This Month

Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Code Injection Automation For Jira
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4625 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-4624 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-28978 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-28977 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-4696 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-4626 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-6317 LOW Monitor

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Adaptive Server Enterprise
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2020-11867 LOW Monitor

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Audacity Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy