Skip to main content
CVE-2020-17530 CRITICAL POC KEV PATCH THREAT Act Now

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache RCE Struts Business Intelligence Communications Diameter Intelligence Hub +5
NVD GitHub
CVSS 3.1
9.8
EPSS
95.9%
CVE-2020-19165 CRITICAL POC Act Now

PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpshe
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-15357 CRITICAL POC Act Now

Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ap5100W Firmware
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-7788 CRITICAL POC PATCH Act Now

This affects the package ini before 1.3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Ini Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-13556 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Opener
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-29254 HIGH POC This Week

TikiWiki 21.2 allows templates to be edited without CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-35135 HIGH POC PATCH This Week

The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF PHP Ultimate Category Excluder
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-27828 HIGH POC PATCH This Week

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Jasper Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-13520 HIGH POC This Week

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Openusd macOS
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2020-7793 HIGH POC PATCH This Week

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ua Parser Js Sinec Ins
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-7792 HIGH POC PATCH This Week

This affects all versions of package mout. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Mout
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13530 HIGH POC This Week

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opener
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-29455 MEDIUM POC This Month

A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liveaddressplugin Js
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-27134 CRITICAL Act Now

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Microsoft Apple Jabber +1
NVD
CVSS 3.1
9.9
EPSS
1.6%
CVE-2020-27133 CRITICAL Act Now

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Microsoft Apple Jabber +1
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2020-27132 CRITICAL Act Now

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Microsoft Apple Jabber +1
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2020-27127 CRITICAL Act Now

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Microsoft Apple Jabber +1
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2020-15023 MEDIUM POC This Month

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ap5100W Firmware
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-25112 CRITICAL Act Now

An issue was discovered in the IPv6 stack in Contiki through 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Contiki Os
NVD
CVSS 3.1
9.8
EPSS
26.8%
CVE-2020-25111 CRITICAL Act Now

An issue was discovered in the IPv6 stack in Contiki through 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Contiki Os
NVD
CVSS 3.1
9.8
EPSS
20.1%
CVE-2020-25110 CRITICAL Act Now

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Nut Os
NVD
CVSS 3.1
9.8
EPSS
52.3%
CVE-2020-25109 CRITICAL Act Now

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Nut Os
NVD
CVSS 3.1
9.8
EPSS
52.3%
CVE-2020-25108 CRITICAL Act Now

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Nut Os
NVD
CVSS 3.1
9.8
EPSS
52.3%
CVE-2020-25107 CRITICAL Act Now

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Nut Os
NVD
CVSS 3.1
9.8
EPSS
52.3%
CVE-2020-24338 CRITICAL Act Now

An issue was discovered in picoTCP through 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Picotcp
NVD
CVSS 3.1
9.8
EPSS
35.9%
CVE-2020-24336 CRITICAL Act Now

An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Contiki Ng Contiki
NVD
CVSS 3.1
9.8
EPSS
58.7%
CVE-2020-17438 CRITICAL Act Now

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Uip
NVD
CVSS 3.1
9.8
EPSS
18.5%
CVE-2020-27730 CRITICAL Act Now

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Path Traversal Nginx Controller Cloud Backup
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-29574 CRITICAL KEV THREAT Act Now

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cyberoamos
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-28440 CRITICAL Act Now

All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Corenlp Js Interface
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-28439 CRITICAL Act Now

This affects all versions of package corenlp-js-prefab. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Corenlp Js Prefab
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-29591 CRITICAL Act Now

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Brute Force Registry
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-24634 CRITICAL Act Now

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-24633 CRITICAL Act Now

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Sd Wan
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-7540 CRITICAL Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +19
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-28215 CRITICAL Act Now

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Authentication Bypass Easergy T300 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-5948 CRITICAL Act Now

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack,. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-35132 MEDIUM POC PATCH This Month

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpldapadmin Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-35127 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-26421 MEDIUM POC PATCH This Month

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wireshark Fedora +2
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2020-26420 MEDIUM POC PATCH This Month

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2020-26419 MEDIUM POC PATCH This Month

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2020-26418 MEDIUM POC PATCH This Month

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Debian Linux Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
3.0%
CVE-2020-26413 MEDIUM POC THREAT This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
33.8%
CVE-2020-24383 CRITICAL Act Now

An issue was discovered in FNET through 4.6.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fnet
NVD
CVSS 3.1
9.1
EPSS
4.8%
CVE-2020-24341 CRITICAL Act Now

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp Picotcp Ng
NVD
CVSS 3.1
9.1
EPSS
4.9%
CVE-2020-17467 CRITICAL Act Now

An issue was discovered in FNET through 4.6.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fnet
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2020-17441 CRITICAL Act Now

An issue was discovered in picoTCP 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp Mplab Harmony
NVD
CVSS 3.1
9.1
EPSS
7.1%
CVE-2020-4633 HIGH This Week

IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-35126 MEDIUM POC This Month

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typesetter
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy