Skip to main content
CVE-2020-20189 CRITICAL POC Act Now

SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Newpk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-20184 CRITICAL POC Act Now

GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gateone
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-20136 CRITICAL POC Act Now

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Lean
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35338 CRITICAL POC THREAT Act Now

The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wireless Multiplex Terminal Playout Server
NVD
CVSS 3.1
9.8
EPSS
12.1%
CVE-2020-35378 CRITICAL POC Act Now

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Bus Ticket Reservation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-29227 CRITICAL POC THREAT Act Now

An issue was discovered in Car Rental Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Car Rental Management System
NVD
CVSS 3.1
9.8
EPSS
16.8%
CVE-2020-28860 HIGH POC This Week

OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Digital Asset Management
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-28858 HIGH POC This Week

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Digital Asset Management
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-35235 HIGH POC THREAT This Week

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Secure File Manager
NVD
CVSS 3.1
8.8
EPSS
18.0%
CVE-2020-29669 HIGH POC This Week

In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wifisd2 2A82 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-8177 HIGH POC PATCH This Week

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux M10 1 Firmware M10 4 Firmware +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-35457 HIGH POC PATCH This Week

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Glib
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8285 HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux Fedora Clustered Data Ontap +19
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8286 HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Clustered Data Ontap +13
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8231 HIGH POC PATCH This Week

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Libcurl Sinec Infrastructure Network Services +3
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-8169 HIGH POC PATCH This Week

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Simatic Tim 1531 Irc Firmware Debian Linux Sinec Infrastructure Network Services +1
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-35234 HIGH POC THREAT This Week

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Wp Smtp
NVD
CVSS 3.1
7.5
EPSS
64.6%
CVE-2020-35382 HIGH POC This Week

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Classroombookings
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-28857 MEDIUM POC This Month

OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Digital Asset Management
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-29304 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Directories Pro
NVD
CVSS 3.1
6.1
EPSS
5.5%
CVE-2020-29303 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF PHP Directories Pro
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-0456 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170378843. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-0457 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170367562. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-0455 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170372514. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-25228 CRITICAL Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Logo 8 Bm Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8257 CRITICAL Act Now

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Gateway Plug In
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-25187 CRITICAL Act Now

Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Mycarelink Smart Model 25000 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-25179 CRITICAL Act Now

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3 0T Signa Hdxt Firmware 3 0T Signa Hd 16 Firmware 3 0T Signa Hd 23 Firmware 1 5T Brivo Mr355 Firmware +107
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-25175 CRITICAL Act Now

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3 0T Signa Hdxt Firmware 3 0T Signa Hd 16 Firmware 3 0T Signa Hd 23 Firmware 1 5T Brivo Mr355 Firmware +107
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-14268 CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Notes
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-14244 CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Domino
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-5639 CRITICAL Act Now

Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Filezen
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-28861 MEDIUM POC This Month

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Digital Asset Management
NVD VulDB
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-8283 HIGH This Week

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Virtual Apps And Desktops Xenapp +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-8282 HIGH This Week

A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Edgemax Edgepower 24V Firmware Edgemax Edgepower 54V Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-25183 HIGH This Week

Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mycarelink Smart Model 25000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-16103 HIGH This Week

Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Centre
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-5635 HIGH This Week

Aterm SA3500G firmware versions prior to Ver. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Sa3500G Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-16102 HIGH This Week

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-27252 HIGH This Week

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mycarelink Smart Model 25000 Firmware
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2020-28856 HIGH This Week

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Digital Asset Management
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-0016 HIGH This Week

In the Broadcom Nexus firmware, there is an insecure default password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Broadcom Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0466 HIGH PATCH This Week

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0458 HIGH PATCH This Week

In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-0444 HIGH PATCH This Week

In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0440 HIGH PATCH This Week

In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0099 HIGH PATCH This Week

In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-25234 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2020-0463 HIGH PATCH This Week

In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-0460 HIGH PATCH This Week

In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy