Skip to main content
CVE-2020-26950 HIGH POC THREAT Act Now

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +2
NVD
CVSS 3.1
8.8
EPSS
42.3%
CVE-2020-25499 HIGH POC PATCH This Week

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection A3002r Firmware A3002Ru V1 Firmware A3002Ru V2 Firmware A702R V2 Firmware +9
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-7787 HIGH POC PATCH This Week

This affects all versions of package react-adal. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass React Adal
NVD GitHub
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-26832 HIGH POC This Week

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation),. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap S 4 Hana
NVD
CVSS 3.1
7.6
EPSS
2.2%
CVE-2020-23520 HIGH POC This Week

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Imcat
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-26970 HIGH This Week

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26969 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 82. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26968 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26960 HIGH This Week

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26959 HIGH This Week

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-26952 HIGH This Week

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-26249 HIGH PATCH This Week

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Red Dashboard
NVD GitHub
CVSS 3.1
8.7
EPSS
1.1%
CVE-2020-26830 HIGH This Week

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-26261 HIGH PATCH This Week

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Systemdspawner
NVD GitHub
CVSS 3.1
7.9
EPSS
0.5%
CVE-2020-10143 HIGH This Week

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft Authentication Bypass Reflect
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-16600 HIGH This Week

A Use After Free vulnerability exists in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Mupdf
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-2049 HIGH This Week

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Microsoft Cortex Xdr Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-29661 HIGH PATCH This Week

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +11
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-25199 HIGH This Week

A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Levistudiou
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-27614 HIGH This Week

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Anydesk
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-28086 HIGH This Week

pass through 1.7.3 has a possibility of using a password for an unintended resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Password Store
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-29656 HIGH This Week

An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac88U Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-29655 HIGH This Week

An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rt Ac88U Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-29651 HIGH PATCH This Week

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Py Fedora Zfs Storage Appliance Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
4.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy