Skip to main content
CVE-2020-6017 CRITICAL POC PATCH Act Now

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Game Networking Sockets
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-13525 HIGH POC This Week

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Processmaker
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-13584 HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Webkitgtk Fedora
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-13543 HIGH POC This Week

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Apple Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-13531 HIGH POC This Week

A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Memory Corruption RCE Openusd
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-26248 HIGH POC PATCH THREAT This Week

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Productcomments
NVD GitHub
CVSS 3.1
8.2
EPSS
12.4%
CVE-2020-25693 HIGH POC This Week

A flaw was found in CImg in versions prior to 2.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Cimg Fedora
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-29534 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.9.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-23740 HIGH POC This Week

In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Drivergenius
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-28175 HIGH POC This Week

There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Speedfan
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13542 HIGH POC This Week

A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Logicaldoc
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-29529 HIGH POC PATCH This Week

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Hashicorp Path Traversal Go Slug
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-27778 HIGH POC This Week

A flaw was found in Poppler in the way certain PDF files were converted into HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Poppler Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-28937 HIGH POC This Week

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openclinic
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28939 HIGH POC This Week

OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Openclinic
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-27783 MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml Software Collections Enterprise Linux +5
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2020-2320 CRITICAL PATCH Act Now

Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Installation Manager Tool
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-23741 MEDIUM POC This Month

In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anyview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-23738 MEDIUM POC This Month

There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-23736 MEDIUM POC This Month

There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dada Accelerator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-23727 MEDIUM POC This Month

There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antiy Zhijia Terminal Defense System
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-23726 MEDIUM POC This Month

There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wise Care 365
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13524 MEDIUM POC This Month

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-28938 MEDIUM POC This Month

OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Openclinic
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14339 HIGH PATCH This Week

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Libvirt Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-28251 HIGH This Week

NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Airmagnet Enterprise
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-2321 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Shelve Project
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-23735 HIGH This Week

In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Cyber Game Accelerator
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-14381 HIGH PATCH This Week

A flaw was found in the Linux kernel’s futex implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-14351 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6021 HIGH This Week

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-17527 HIGH PATCH This Week

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Tomcat Information Disclosure Element Plug In Oncommand System Manager +9
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2020-25649 HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-2324 HIGH PATCH This Week

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cvs
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-2322 HIGH PATCH This Week

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Chaos Monkey
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-6111 HIGH This Week

An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Micrologix 1100 B Firmware
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-5680 HIGH This Week

Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ec Cube
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5676 HIGH This Week

GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Growi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-25711 MEDIUM PATCH This Month

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Infinispan Data Grid Active Iq Unified Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26246 MEDIUM PATCH This Month

Pimcore is an open source digital experience platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Pimcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-5679 MEDIUM This Month

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ec Cube
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5678 MEDIUM This Month

Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5677 MEDIUM This Month

Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5638 MEDIUM This Month

Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Neo
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27762 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/hdr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-27760 MEDIUM PATCH This Month

In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-2323 MEDIUM PATCH This Month

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Chaos Monkey
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-14318 MEDIUM PATCH This Month

A flaw was found in the way samba handled file and directory permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Storage Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-27764 LOW PATCH Monitor

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Red Hat Integer Overflow Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27763 LOW PATCH Monitor

A flaw was found in ImageMagick in MagickCore/resize.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy