Skip to main content
CVE-2020-17132 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
9.1
EPSS
89.8%
CVE-2020-17136 HIGH POC PATCH THREAT Act Now

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD GitHub
CVSS 3.1
7.8
EPSS
14.0%
CVE-2020-29311 CRITICAL POC Act Now

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ubilling
NVD GitHub
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-26201 CRITICAL POC Act Now

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Ap5100W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-19527 CRITICAL POC Act Now

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-19142 CRITICAL POC Act Now

iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-16608 CRITICAL POC Act Now

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Notable
NVD GitHub
CVSS 3.1
9.6
EPSS
4.3%
CVE-2020-25967 HIGH POC This Week

The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Fastadmin
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13526 HIGH POC This Week

SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Processmaker
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-26267 HIGH POC PATCH This Week

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-26269 HIGH POC PATCH This Week

In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-17103 HIGH POC PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-29667 CRITICAL Act Now

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M3 Atm Monitoring System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-26266 MEDIUM POC PATCH This Month

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

RCE Tensorflow
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2020-17142 CRITICAL PATCH Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
9.1
EPSS
3.5%
CVE-2020-24445 CRITICAL Act Now

AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
9.0
EPSS
2.5%
CVE-2020-17158 HIGH PATCH This Week

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Dynamics 365
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-17152 HIGH PATCH This Week

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Dynamics 365
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-17143 HIGH PATCH This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.8
EPSS
70.6%
CVE-2020-17121 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-17147 HIGH PATCH This Week

Dynamics CRM Webclient Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
8.7
EPSS
1.5%
CVE-2020-17095 HIGH PATCH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.5
EPSS
5.2%
CVE-2020-26268 MEDIUM POC PATCH This Month

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Python Tensorflow
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-17144 HIGH KEV PATCH THREAT This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization Exchange Server
NVD
CVSS 3.1
8.4
EPSS
36.5%
CVE-2020-17141 HIGH PATCH This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.4
EPSS
7.4%
CVE-2020-17140 HIGH PATCH This Week

Windows SMB Information Disclosure Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.1
EPSS
12.2%
CVE-2020-17118 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2020-17115 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
2.6%
CVE-2020-4829 HIGH PATCH This Week

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-17159 HIGH PATCH This Week

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Java RCE Language Support For Java
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2020-17156 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-17150 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Tslint
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-17148 HIGH PATCH This Week

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-17139 HIGH PATCH This Week

Windows Overlay Filter Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-17137 HIGH PATCH This Week

DirectX Graphics Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-17134 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-17129 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17128 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-17127 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Excel
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17125 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17124 HIGH PATCH This Week

Microsoft PowerPoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Powerpoint
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17123 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office Online Server +1
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-17122 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office Office Web Apps Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2020-17092 HIGH PATCH This Week

Windows Network Connections Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-16964 HIGH PATCH This Week

Windows Backup Engine Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-16963 HIGH PATCH This Week

Windows Backup Engine Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-16962 HIGH PATCH This Week

Windows Backup Engine Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-16961 HIGH PATCH This Week

Windows Backup Engine Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-16960 HIGH PATCH This Week

Windows Backup Engine Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-16959 HIGH PATCH This Week

Windows Backup Engine Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy