Skip to main content
CVE-2020-28860 HIGH POC This Week

OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Digital Asset Management
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-28858 HIGH POC This Week

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Digital Asset Management
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-35235 HIGH POC THREAT This Week

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Secure File Manager
NVD
CVSS 3.1
8.8
EPSS
18.0%
CVE-2020-29669 HIGH POC This Week

In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wifisd2 2A82 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-8177 HIGH POC PATCH This Week

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux M10 1 Firmware M10 4 Firmware +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-35457 HIGH POC PATCH This Week

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Glib
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8285 HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux Fedora Clustered Data Ontap +19
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8286 HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Clustered Data Ontap +13
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8231 HIGH POC PATCH This Week

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Libcurl Sinec Infrastructure Network Services +3
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-8169 HIGH POC PATCH This Week

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Simatic Tim 1531 Irc Firmware Debian Linux Sinec Infrastructure Network Services +1
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-35234 HIGH POC THREAT This Week

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Wp Smtp
NVD
CVSS 3.1
7.5
EPSS
64.6%
CVE-2020-35382 HIGH POC This Week

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Classroombookings
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-8283 HIGH This Week

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Virtual Apps And Desktops Xenapp +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-8282 HIGH This Week

A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Edgemax Edgepower 24V Firmware Edgemax Edgepower 54V Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-25183 HIGH This Week

Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mycarelink Smart Model 25000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-16103 HIGH This Week

Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Centre
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-5635 HIGH This Week

Aterm SA3500G firmware versions prior to Ver. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Sa3500G Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-16102 HIGH This Week

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-27252 HIGH This Week

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mycarelink Smart Model 25000 Firmware
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2020-28856 HIGH This Week

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Digital Asset Management
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-0016 HIGH This Week

In the Broadcom Nexus firmware, there is an insecure default password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Broadcom Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0466 HIGH PATCH This Week

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0458 HIGH PATCH This Week

In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-0444 HIGH PATCH This Week

In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0440 HIGH PATCH This Week

In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0099 HIGH PATCH This Week

In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-25234 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2020-0463 HIGH PATCH This Week

In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-0460 HIGH PATCH This Week

In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-25235 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25232 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-25230 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25229 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-15796 HIGH This Week

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Et 200Sp Open Controller Firmware Simatic S7 1500 Software Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-8258 HIGH This Week

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Gateway Plug In
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-20183 HIGH This Week

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass P1302 T10 V3 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5665 HIGH This Week

Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq F Fx5U Cpu Firmware
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2020-28396 HIGH This Week

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sicam A8000 Cp 8000 Firmware Sicam A8000 Cp 8021 Firmware Sicam A8000 Cp 8022 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2020-16104 HIGH This Week

SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Command Centre
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-14368 HIGH This Week

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Che
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy