Skip to main content
CVE-2020-8539 HIGH POC This Week

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Head Unit Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-28993 HIGH POC This Week

A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Minicmts200A Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-6880 CRITICAL Act Now

A ZXELINK wireless controller has a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zxv10 W908 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-28971 CRITICAL PATCH Act Now

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass My Cloud Os 5
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-28970 CRITICAL PATCH Act Now

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass PHP My Cloud Os 5
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-28940 CRITICAL PATCH Act Now

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass My Cloud Os 5
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-7548 CRITICAL PATCH Act Now

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Acti9 Smartlink Si D Firmware Acti9 Smartlink Si B Firmware Acti9 Powertag Link Firmware Acti9 Powertag Link Hd Firmware +3
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-7533 CRITICAL Act Now

commands on the webserver without authentication when sending specially crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Modicon M340 Bmxp3420302 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp3420102 Firmware +12
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-26762 CRITICAL Act Now

A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ic 3116W Firmware Ic 3140W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29315 MEDIUM POC PATCH This Month

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thinkadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-7547 HIGH This Week

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Power Manager Powerscada Expert With Advanced Reporting And Dashboards +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-25181 HIGH This Week

WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Plc Editor
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-25177 HIGH This Week

WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Plc Editor
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-7335 HIGH This Week

Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Microsoft Total Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9117 HIGH This Week

HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Information Disclosure Nova 4 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-9114 HIGH This Week

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fusioncompute
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7545 HIGH This Week

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Power Manager +2
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-9116 HIGH This Week

Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Command Injection Fusioncompute
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-9115 HIGH This Week

ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Manageone
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-28575 MEDIUM This Month

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Privilege Escalation Memory Corruption Serverprotect
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-26250 MEDIUM PATCH This Month

OAuthenticator is an OAuth login mechanism for JupyterHub. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Oauthenticator
NVD GitHub
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-4126 MEDIUM This Month

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Hcl Inotes
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-7546 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Power Manager Powerscada Expert With Advanced Reporting And Dashboards +1
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-28583 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28582 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28577 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28576 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28573 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-4128 MEDIUM PATCH This Month

HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Authentication Bypass Domino
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-4129 MEDIUM This Month

HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hcl Domino
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15257 MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker Information Disclosure Containerd +2
NVD GitHub
CVSS 3.1
5.2
EPSS
3.2%
CVE-2020-11990 LOW Monitor

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Cordova
NVD
CVSS 3.1
3.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy