Skip to main content
CVE-2020-26950 HIGH POC THREAT Act Now

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +2
NVD
CVSS 3.1
8.8
EPSS
42.3%
CVE-2020-29659 CRITICAL POC Act Now

A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Dupscout
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-25499 HIGH POC PATCH This Week

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection A3002r Firmware A3002Ru V1 Firmware A3002Ru V2 Firmware A702R V2 Firmware +9
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-7787 HIGH POC PATCH This Week

This affects all versions of package react-adal. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass React Adal
NVD GitHub
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-26832 HIGH POC This Week

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation),. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap S 4 Hana
NVD
CVSS 3.1
7.6
EPSS
2.2%
CVE-2020-23520 HIGH POC This Week

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Imcat
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-7776 MEDIUM POC PATCH This Month

This affects the package phpoffice/phpspreadsheet from 0.0.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
6.4
EPSS
1.3%
CVE-2020-29258 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Examination System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29257 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Examination System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26836 MEDIUM POC This Month

SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-26829 CRITICAL Act Now

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
10.0
EPSS
4.7%
CVE-2020-17529 CRITICAL Act Now

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Nuttx
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-26831 CRITICAL Act Now

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2020-16599 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Cloud Backup Hci Management Node +2
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-16593 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Cloud Backup Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-16592 MEDIUM POC This Month

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Binutils Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-16591 MEDIUM POC This Month

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Binutils Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-16590 MEDIUM POC This Month

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Binutils Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-16589 MEDIUM POC PATCH This Month

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Openexr Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-16588 MEDIUM POC PATCH This Month

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Openexr Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-16587 MEDIUM POC PATCH This Month

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Openexr Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-29259 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Examination System
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10146 MEDIUM POC This Month

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Teams
NVD GitHub
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-26838 CRITICAL Act Now

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Command Injection Business Warehouse Bw 4Hana
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2020-26837 CRITICAL Act Now

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Solution Manager
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2020-17528 CRITICAL Act Now

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Nuttx
NVD
CVSS 3.1
9.1
EPSS
3.1%
CVE-2020-29657 CRITICAL Act Now

In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2020-26970 HIGH This Week

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26969 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 82. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26968 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26960 HIGH This Week

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26959 HIGH This Week

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-26952 HIGH This Week

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26249 HIGH PATCH This Week

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Red Dashboard
NVD GitHub
CVSS 3.1
8.7
EPSS
1.1%
CVE-2020-29660 MEDIUM POC PATCH This Month

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2020-26830 HIGH This Week

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-26261 HIGH PATCH This Week

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Systemdspawner
NVD GitHub
CVSS 3.1
7.9
EPSS
0.5%
CVE-2020-10143 HIGH This Week

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft Authentication Bypass Reflect
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-16600 HIGH This Week

A Use After Free vulnerability exists in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Mupdf
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-2049 HIGH This Week

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Microsoft Cortex Xdr Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-29661 HIGH PATCH This Week

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +11
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-25199 HIGH This Week

A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Levistudiou
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-27614 HIGH This Week

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Anydesk
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-28086 HIGH This Week

pass through 1.7.3 has a possibility of using a password for an unintended resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Password Store
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-29656 HIGH This Week

An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac88U Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-29655 HIGH This Week

An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rt Ac88U Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-29651 HIGH PATCH This Week

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Py Fedora Zfs Storage Appliance Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-26964 MEDIUM This Month

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2020-7337 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Virusscan Enterprise
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-26257 MEDIUM PATCH This Month

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy