Skip to main content
CVE-2020-29254 HIGH POC This Week

TikiWiki 21.2 allows templates to be edited without CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-35135 HIGH POC PATCH This Week

The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF PHP Ultimate Category Excluder
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-27828 HIGH POC PATCH This Week

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Jasper Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-13520 HIGH POC This Week

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Openusd macOS
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2020-7793 HIGH POC PATCH This Week

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ua Parser Js Sinec Ins
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-7792 HIGH POC PATCH This Week

This affects all versions of package mout. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Mout
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13530 HIGH POC This Week

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opener
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-4633 HIGH This Week

IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-9301 HIGH PATCH This Week

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apple Spinnaker
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-7560 HIGH This Week

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ecostruxure Control Expert Unity Pro
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-17439 HIGH This Week

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Uip
NVD
CVSS 3.1
8.3
EPSS
3.1%
CVE-2020-24334 HIGH This Week

The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Uip
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2020-17437 HIGH PATCH This Week

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Uip Open Iscsi Sentron 3Va Com100 Firmware +8
NVD
CVSS 3.1
8.2
EPSS
2.8%
CVE-2020-27786 HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux Memory Corruption Use After Free +6
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-28219 HIGH This Week

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24340 HIGH This Week

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp Picotcp Ng
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-24339 HIGH This Week

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp Picotcp Ng
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-24337 HIGH This Week

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Picotcp Picotcp Ng
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-17469 HIGH This Week

An issue was discovered in FNET through 4.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Fnet
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-17468 HIGH This Week

An issue was discovered in FNET through 4.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fnet
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-17445 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-17444 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-17443 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-17442 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-17440 HIGH This Week

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Uip
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-13988 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Contiki Ng
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-13987 HIGH PATCH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Uip Open Iscsi Sentron 3Va Com100 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-13986 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Contiki
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-13985 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Contiki
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2020-13984 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Contiki
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-5949 HIGH This Week

On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27713 HIGH This Week

In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7791 HIGH PATCH This Week

This affects the package i18n before 2.1.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure I18N
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-27508 HIGH PATCH This Week

In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frappe
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25191 HIGH This Week

Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Compactrio Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7543 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +12
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7542 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7539 HIGH This Week

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7537 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7536 HIGH This Week

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7535 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +17
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-28217 HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-28216 HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-24637 HIGH This Week

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-24447 HIGH PATCH This Week

Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Microsoft Lightroom
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-24440 HIGH PATCH This Week

Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Prelude
NVD
CVSS 3.1
7.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy